Lucene search
K

163 matches found

OSV
OSV
added 2020/05/28 4:15 a.m.5 views

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

8.8CVSS7.3AI score0.00809EPSS
Exploits2References2
NVD
NVD
added 2020/05/28 4:15 a.m.27 views

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

8.8CVSS8.7AI score0.00809EPSS
Exploits2References2
Prion
Prion
added 2020/05/28 4:15 a.m.16 views

Design/Logic Flaw

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

6.8CVSS8.6AI score0.00809EPSS
Exploits2References2Affected Software1
ThreatPost
ThreatPost
added 2020/04/28 3:8 p.m.511 views

WordPress Plugin Bug Opens 100K Websites to Compromise

A high-severity cross-site request forgery CSRF vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. According to research from Wordfence releas...

9.4AI score0.26869EPSS
Exploits1References10
wpexploit
wpexploit
added 2020/04/27 12:0 a.m.27 views

Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email...

6.8CVSS0.1AI score0.00809EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2020/04/27 12:0 a.m.19 views

Real-Time Find and Replace < 4.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

This flaw could allow any user to inject malicious Javascript anywhere on a site if they could trick a site’s administrator into performing an action, like clicking on a link in a comment or email. PoC...

6.8CVSS1.9AI score0.00809EPSS
Exploits2References2Affected Software1
Wired Threat Level
Wired Threat Level
added 2019/12/10 12:0 p.m.11 views

The FCC's Push to Purge Huawei From US Networks

The rural carriers who rely on Huawei are wary of a costly “rip and replace” effort...

1.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/12/10 8:0 a.m.55 views

Description of the security update for Excel 2016: December 10, 2019

Description of the security update for Excel 2016: December 10, 2019 Summary This security update resolves an information disclosure vulnerability that exists if Microsoft Excel incorrectly discloses the contents of its memory. To learn more about the vulnerability, see Microsoft Common...

5.5CVSS4.9AI score0.08123EPSS
Exploits0
Prion
Prion
added 2019/08/14 5:15 p.m.18 views

Design/Logic Flaw

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

6CVSS6.4AI score0.0132EPSS
Exploits2References2Affected Software1
Carbon Black Blog
Carbon Black Blog
added 2019/05/15 3:0 p.m.40 views

Three Common Questions (and Answers) About Next-Gen AV

Most organizations with traditional, or legacy, antivirus AV solutions are well aware that they are no longer protected from the more advanced tactics and threats of attackers today. Signatures just can’t keep up with emerging threats. But that doesn’t mean that everyone is ready to dive head fir...

0.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2017/04/14 12:0 a.m.9 views

Real Time Find and Replace <= 3.8 - Cross-Site Scripting (XSS)

The Real-Time Find and Replace WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

1.5AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/07/20 12:0 a.m.35 views

phpMyAdmin 4.0.10.x < 4.0.10.16 / 4.4.15.x < 4.4.15.7 / 4.6.x < 4.6.3 Multiple Vulnerabilities

Binary data 9400.prm...

9.8CVSS7.3AI score0.81373EPSS
Exploits8References19
OSV
OSV
added 2016/07/03 1:59 a.m.1 views

DEBIAN-CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS9AI score0.81373EPSS
Exploits8References1
OSV
OSV
added 2016/07/03 1:59 a.m.8 views

UBUNTU-CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS7.6AI score0.81373EPSS
Exploits8References3
UbuntuCve
UbuntuCve
added 2016/07/03 1:59 a.m.49 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS7.4AI score0.81373EPSS
Exploits8References2
Cvelist
Cvelist
added 2016/07/03 1:0 a.m.34 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.6AI score0.81373EPSS
Exploits8References6
Debian CVE
Debian CVE
added 2016/07/03 1:0 a.m.43 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the pregreplace e aka eval modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

9.8CVSS9.7AI score0.81373EPSS
Exploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

PHPnuke 8.2 - Remote Upload File Exploit

Title : PHPnuke 8.2 Remote Upload File Exploit Author : Net.Edit0r Location : Iran Dork : "POWERED BY PHPNUKE.IR" Category : Remote Email : [email protected] [email protected] Special Thanks To :NetQurd For help in finding bugs Email :[email protected] InformatioN 1.Save code html format ...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/10/28 12:0 a.m.38 views

Linksys Multiple Vulnerabilities (OF, DoS, more)

The remote host appears to be a Linksys WRT54G Wireless Router. The firmware version installed on the remote host is prone to several flaws: - Execute arbitrary commands on the affected router with root privilages. CVE-2005-2916 - Download and replace the configuration of affected routers via a...

7.5CVSS5.9AI score0.70753EPSS
Exploits8References10
0day.today
0day.today
added 2005/01/24 12:0 a.m.18 views

Funduc Search and Replace Compressed File Local BoF Exploit

Exploit for unknown platform in category local exploits =========================================================== Funduc Search and Replace Compressed File Local BoF Exploit =========================================================== / Search and Replace Compressed File search Local Buffer...

6.8AI score
Exploits0
Rows per page
Query Builder