
16 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-2649

Malware in sbrugna...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00517
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-8840

Malware in sbrugna...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.00208
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-2076

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00691
Exploits: 1 | References: 4
Prion
added 2021/12/29 3:15 p.m. | 8 views

SQL injection

Emuse - eServices / eNvoice SQL injection can be used in various ways, ranging from bypassing login authentication or dumping the whole database to full RCE on the affected endpoints. The SQLi is caused by CWE-209: Generation of Error Message Containing Sensitive Information, showing parts of the aspx...

CVSS: 10 | AI score: 9.8 | EPSS: 0.00192
Exploits: 0 | References: 1
Prion
added 2021/01/07 9:15 p.m. | 8 views

Remote code execution

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.01302
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/01/07 8:45 p.m. | 13 views

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

AI score: 9.8 | EPSS: 0.01302
Exploits: 1 | References: 1
NVD
added 2019/07/11 10:15 p.m. | 15 views

CVE-2019-10935

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd 11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC...

CVSS: 7.2 | AI score: 6.8 | EPSS: 0.00517
Exploits: 0 | References: 1
Prion
added 2019/07/11 10:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier All versions, SIMATIC PCS 7 V8.1 All versions V8.1 with WinCC V7.3 Upd 19, SIMATIC PCS 7 V8.2 All versions V8.2 SP1 with WinCC V7.4 SP1 Upd 11, SIMATIC PCS 7 V9.0 All versions V9.0 SP2 with WinCC V7.4 SP1 Upd11, SIMATIC WinCC...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00517
Exploits: 0 | References: 1 | Affected Software: 3
CVE
added 2019/07/11 9:17 p.m. | 283 views

CVE-2019-10935

CVE-2019-10935 applies to Siemens SIMATIC WinCC/PCS7 family (PCS 7 v8.x/9.x and WinCC variants) where the WinCC DataMonitor web application allows an authenticated, network-accessible attacker to upload arbitrary ASPX code. The vulnerability enables unrestricted file upload without user interacti...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.00517
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2019/07/05 9:11 p.m. | 13 views

GHSA-958R-G534-CCMR MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation

madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.00864
Exploits: 1 | References: 5
Prion
added 2019/06/14 8:29 p.m. | 6 views

Design/Logic Flaw

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00808
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2019/06/14 7:14 p.m. | 317 views

CVE-2019-9842

CVE-2019-9842 affects madskristensen MiniBlog (through 2018-05-18). The root cause is in SaveFilesToDisk (app_code/handlers/PostHandler.cs), which writes a decoded base64 string to a file without validating the extension, enabling a remote attacker to execute arbitrary ASPX code via an IMG elemen...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.00808
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/06/14 7:14 p.m. | 15 views

CVE-2019-9842

madskristensen MiniBlog through 2018-05-18 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in app_code/handlers/PostHandler.cs writes a decoded base64 string to a file without validating the extension...

AI score: 7.4 | EPSS: 0.00808
Exploits: 1 | References: 2
Veracode
added 2019/04/17 2:28 a.m. | 14 views

Remote Code Execution (RCE)

MadsKristensen.AspNetCore.Miniblog is vulnerable to remote code execution. A remote attacker is able to execute arbitrary ASPX code by uploading a malicious IMG element with a data: URL, which will be executed when the SaveFilesToDisk function in Controllers/BlogController.cs writes a decoded...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00864
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2019/04/16 6:29 p.m. | 11 views

Design/Logic Flaw

madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.00864
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/04/16 5:53 p.m. | 12 views

CVE-2019-9845

madskristensen Miniblog.Core through 2019-01-16 allows remote attackers to execute arbitrary ASPX code via an IMG element with a data: URL, because SaveFilesToDisk in Controllers/BlogController.cs writes a decoded base64 string to a file without validating the extension...

AI score: 9.8 | EPSS: 0.00864
Exploits: 1 | References: 2