Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-4678

Malware in sbrugna...

4CVSS6.4AI score0.01082EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3828

Malicious code in bioql PyPI...

4CVSS6.3AI score0.01687EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-38945

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00944EPSS
Exploits1References2
Veracode
Veracode
added 2023/05/10 12:52 p.m.15 views

Improper Access Control

thorsten/phpmyfaq is vulnerable to Improper Access Control. The vulnerability exists due to the lack of validation of email addresses in ajaxservice.php which allows an attacker to take over another account...

9.8CVSS8.8AI score0.00533EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.7 views

SourceCodester Billing Management System SQL注入漏洞

Sourcecodester The Electric Billing Management System is a simple web application used to manage customer billing for an electric provider company. A SQL injection vulnerability exists in SourceCodester Billing Management System version 1.0, which stems from a problem in the file ajaxservice.php,...

9.8CVSS7AI score0.00827EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.7 views

SiteServerCMS 安全漏洞

SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-level content management system from China's SSCMS Corporation. A security vulnerability exists in SiteServerCMS version 5.X. The vulnerability stems from a remote download Getshell vulnerability via...

7.2CVSS5.6AI score0.00944EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.23 views

Moodle allows attackers to obtain sensitive information

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

4CVSS5.9AI score0.01687EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.12 views

GHSA-FRHC-9HWC-X7J3 Moodle allows attackers to obtain sensitive information

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

4CVSS5.5AI score0.01687EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:1 a.m.24 views

Security Bulletin: Information disclosure in IBM Business Process Manager (BPM) V8.5 document attachments search (CVE-2014-4759)

Summary IBM BPM document attachment queries can return document properties that contain sensitive information. Vulnerability Details CVE ID: CVE-2014-4759 DESCRIPTION: An Ajax service that is shipped with the Content Management toolkit allows users to search for IBM BPM document attachments from...

4CVSS0.4AI score0.01082EPSS
Exploits0Affected Software3
Prion
Prion
added 2015/06/01 7:59 p.m.12 views

Code injection

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

4CVSS6.1AI score0.01687EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/06/01 7:0 p.m.22 views

CVE-2015-0211

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

5.6AI score0.01687EPSS
Exploits0References3
NVD
NVD
added 2014/09/04 10:55 a.m.21 views

CVE-2014-4759

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager BPM 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results...

4CVSS5.6AI score0.01082EPSS
Exploits0References3
CVE
CVE
added 2014/09/04 10:0 a.m.46 views

CVE-2014-4759

IBM BPM 8.5.x through 8.5.5 is affected by CVE-2014-4759 due to an Ajax service in the Content Management toolkit that allows authenticated users to perform a document-attachment search and read document properties, potentially exposing sensitive information. The vulnerability arises because quer...

4CVSS5.8AI score0.01082EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/09/04 10:0 a.m.26 views

CVE-2014-4759

An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager BPM 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results...

5.6AI score0.01082EPSS
Exploits0References3
Rows per page
Query Builder