Lucene search

1046 matches found

exploitpack
added 2013/11/18 12:0 a.m., 11 views

TomatoCart 1.1.8.2 - class Local File Inclusion

TomatoCart 1.1.8.2 - class Local File Inclusion source: https://www.securityfocus.com/bid/63795/info TomatoCart is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

Exploits: 0

exploitpack
added 2013/10/09 12:0 a.m., 28 views

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication...

CVSS 4.3, AI score 6, EPSS 0.00296
Exploits: 3

Exploit DB
added 2013/10/09 12:0 a.m., 49 views

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting

source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication information, execute arbitrary client-side scripts in...

CVSS 4.3, AI score 6.4, EPSS 0.00296
Exploits: 3

Atlassian
added 2013/10/08 5:0 a.m., 27 views

XSS in reorder panel

To reproduce: 1. Open a confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...

AI score 0.5
Exploits: 0, Affected Software: 1

Japan Vulnerability Notes
added 2013/09/13 3:21 a.m., 1 views

ChamaCargo vulnerable to cross-site scripting

Overview ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Koki Takahashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

CVSS 4.3, AI score 6.1, EPSS 0.00254
Exploits: 0, References: 5

OpenVAS
added 2013/06/20 12:0 a.m., 47 views

GLPI <= 0.83.7 LFI Vulnerability - Active Check

GLPI is prone to a local file include (LFI) vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

AI score 7.1
Exploits: 0, References: 1

Prion
added 2013/04/24 10:28 a.m., 11 views

Design/Logic Flaw

The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546...

CVSS 5, AI score 7.2, EPSS 0.0025
Exploits: 0, References: 1

Cvelist
added 2013/04/24 10:0 a.m., 12 views

CVE-2013-1214

The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546...

AI score 6.8, EPSS 0.0025
Exploits: 0, References: 1

RedHat Linux
added 2013/01/31 7:41 p.m., 1 views

Jenkins: cross-site scripting vulnerability

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via...

CVSS 3.5, AI score 5.9, EPSS 0.00105
Exploits: 0, References: 4

Japan Vulnerability Notes
added 2012/12/06 12:0 a.m., 23 views

JVN#68830017: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting

ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note that this vulnerability is different from JVN23563149. Impact An arbitrary script may be...

CVSS 4.3, AI score 5.9, EPSS 0.00254
Exploits: 0

exploitpack
added 2012/11/23 12:0 a.m., 28 views

Greenstone - Multiple Vulnerabilities

Greenstone - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/56662/info Greenstone is prone to the following security vulnerabilities: 1. A file-disclosure vulnerability 2. A cross-site scripting vulnerability 3. A security weakness 4. A security-bypass vulnerability Attackers...

AI score 0.5
Exploits: 0

Exploit DB
added 2012/11/23 12:0 a.m., 32 views

Greenstone - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/56662/info Greenstone is prone to the following security vulnerabilities: 1. A file-disclosure vulnerability 2. A cross-site scripting vulnerability 3. A security weakness 4. A security-bypass vulnerability Attackers can exploit these issues to view local...

AI score 7.4
Exploits: 0

exploitpack
added 2012/11/20 12:0 a.m., 9 views

openSIS 5.1 - ajax.php Local File Inclusion

openSIS 5.1 - ajax.php Local File Inclusion source: https://www.securityfocus.com/bid/56598/info openSIS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to obtain potentially sensitive...

AI score 7.4
Exploits: 0

Exploit DB
added 2012/10/06 12:0 a.m., 18 views

Open Realty - 'select_users_lang' Local File Inclusion

source: https://www.securityfocus.com/bid/55834/info Open Realty is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts i...

AI score 7.4
Exploits: 0

OSV
added 2012/08/27 9:55 p.m., 9 views

CVE-2012-2129

Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action...

AI score 5.4
Exploits: 0, References: 11

exploitpack
added 2012/08/10 12:0 a.m., 13 views

GalaxyScripts Mini File Host and DaddyScripts Daddys File Host - Local File Inclusion

GalaxyScripts Mini File Host and DaddyScripts Daddys File Host - Local File Inclusion source: https://www.securityfocus.com/bid/54992/info GalaxyScripts Mini File Host and DaddyScripts Daddy's File Host are prone to a local file-include vulnerability because they fail to properly sanitize...

AI score 0.1
Exploits: 0

0day.today
added 2012/05/18 12:0 a.m., 15 views

Cryptographp Local File Inclusion / HTTP Response Splitting

Exploit for php platform in category web applications. During a security assessment, I’ve found that my target was using Cryptographp which is a PHP script used to generate « captchas ». It was easily noticeable when I’ve found the following URL: http://WWWW/cryptographp.inc.php?cfg=XX&sn=YYYY&ZZ...

AI score 7.1
Exploits: 0

Japan Vulnerability Notes
added 2012/05/15 7:44 a.m., 2 views

WEB MART from KENT-WEB vulnerable to cross-site scripting

Overview WEB MART provided by KENT-WEB contains a cross-site scripting vulnerability. WEB MART provided by KENT-WEB is a system for creating shopping websites. WEB MART contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secu...

CVSS 4.3, AI score 5.8, EPSS 0.00295
Exploits: 0, References: 5

0day.today
added 2012/04/04 12:0 a.m., 22 views

Jogjacamp - Presistent XSS Vulnerability

Exploit for php platform in category web applications

AI score 7.1
Exploits: 0

0day.today
added 2012/04/01 12:0 a.m., 14 views

Crea-Boutique - Persistent XSS Vulnerability

Exploit for php platform in category web applications

AI score 7.1
Exploits: 0