CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1599 matches found

Packet Storm•added 2022/03/07 12:0 a.m.•394 views

Loki RAT (Relapse) SQL Injection

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for...

7.4AI score

Exploits0

Packet Storm•added 2022/03/07 12:0 a.m.•352 views

Loki RAT (Relapse) Directory Traversal / Arbitrary File Deletion

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5ba.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: Directory Traversal - Arbitrary File Delete Description: The LokiRAT...

0.2AI score

Exploits0

NVD•added 2022/02/24 3:15 p.m.•25 views

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...

9.8CVSS0.01551EPSS

Exploits1References1

Prion•added 2022/02/24 3:15 p.m.•16 views

Sql injection

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...

7.5CVSS9.7AI score0.01551EPSS

Exploits1References1Affected Software1

CVE•added 2022/02/23 9:11 p.m.•96 views

CVE-2022-25403

CVE-2022-25403 affects HMS v1.0, with a SQL injection vulnerability in the admin.php component. The issue stems from inadequate handling/validation of user input in admin.php, allowing injection of arbitrary SQL statements. Reported impact in CVSS indicates high severity with partial confidential...

9.8CVSS9.8AI score0.01551EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/02/23 9:11 p.m.•22 views

CVE-2022-25403

HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...

10AI score0.01551EPSS

Exploits1References1

OSV•added 2022/02/16 10:15 p.m.•2 views

CVE-2022-24981

A reflected cross-site scripting XSS vulnerability in forms generated by JQueryForm.com before 2022-02-05 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to admin.php...

6.1CVSS6.4AI score0.01026EPSS

Exploits0References3

NVD•added 2022/02/16 10:15 p.m.•28 views

CVE-2022-24982

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...

6.5CVSS0.01187EPSS

Exploits0References3

Prion•added 2022/02/16 10:15 p.m.•18 views

Design/Logic Flaw

4CVSS6.3AI score0.01187EPSS

Exploits0References3Affected Software1

Prion•added 2022/02/16 10:15 p.m.•16 views

Cross site scripting

4.3CVSS5.9AI score0.01026EPSS

Exploits0References3Affected Software1

CVE•added 2022/02/16 9:3 p.m.•84 views

CVE-2022-24981

CVE-2022-24981 describes a reflected XSS in forms generated by JQueryForm.com prior to 2022-02-05. The vulnerability is triggered via the redirect parameter to admin.php, allowing remote attackers to inject arbitrary web script or HTML. Documents consistently identify the affected component as th...

6.1CVSS5.9AI score0.01026EPSS

Exploits0References3Affected Software1

OSV•added 2022/02/09 12:15 a.m.•2 views

CVE-2022-24676

updatecode in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive...

8.8CVSS7.4AI score0.01469EPSS

Exploits1References1

ATTACKERKB•added 2022/02/09 12:15 a.m.•4 views

CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...

9.8CVSS7.8AI score0.02335EPSS

Exploits1References2

NVD•added 2022/02/09 12:15 a.m.•15 views

CVE-2022-24676

updatecode in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive...

8.8CVSS0.01469EPSS

Exploits1References1

NVD•added 2022/02/09 12:15 a.m.•23 views

CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...

9.8CVSS0.02335EPSS

Exploits1References1

Prion•added 2022/02/09 12:15 a.m.•18 views

Remote code execution

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...

7.5CVSS9.6AI score0.02335EPSS

Exploits1References1Affected Software1

CNNVD•added 2022/02/09 12:0 a.m.•5 views

HYBBS 代码问题漏洞

HYBBS is a lightweight community forum program. A code issue vulnerability exists in HYBBS2, which stems from the product Admin.php page not checking for uploaded files during updates. An attacker can use this vulnerability to upload a carefully crafted ZIP archive file. The following products an...

8.8CVSS8AI score0.01469EPSS

Exploits1References2

CVE•added 2022/02/08 11:48 p.m.•99 views

CVE-2022-24676

CVE-2022-24676 affects HYBBS2 up to version 2.3.2, where the update_code flow in Admin.php allows arbitrary file upload via a crafted ZIP archive. The root cause is described as the Admin.php page not validating uploaded files during updates, enabling potential file upload abuse. Public reference...

8.8CVSS8.5AI score0.01469EPSS

Exploits1References1Affected Software1

CVE•added 2022/02/08 11:48 p.m.•106 views

CVE-2022-24677

CVE-2022-24677 affects HYBBS2 up to version 2.3.2. Admin.php writes plugin-related configuration information to conf.php, enabling remote code execution. The vulnerability is triggered on the Admin.php page and has been characterized with high/severe impact (NVD CVSS v3.1: 9.8, CRITICAL; v2: 7.5,...

9.8CVSS9.5AI score0.02335EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/02/08 11:48 p.m.•33 views

CVE-2022-24677

Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php...

9.9AI score0.02335EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by