
4774 matches found

FreeBSD
added 2013/11/30 12:0 a.m., 37 views

redis -- sensitive information leak through command history file

Redis team reports: The redis-cli history file in linenoise is created with the default OS umask value which makes it world readable in most systems and could potentially expose authentication credentials to other users...

3.3 CVSS, 4.9 AI score, 0.00484 EPSS
Exploits 0, References 2

RedHat Linux
added 2013/11/20 7:31 p.m., 29 views

Moderate: Red Hat Security Advisory: libguestfs security, bug fix, and enhancement update

Updated libguestfs packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...

6.8 CVSS, 5.8 AI score, 0.00754 EPSS
Exploits 0, References 28

OpenVAS
added 2013/11/07 12:0 a.m., 26 views

BoltWire <= 3.5 Multiple XSS Vulnerabilities

BoltWire is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3 CVSS, 6 AI score, 0.0215 EPSS
Exploits 3, References 4

OpenVAS
added 2013/11/05 12:0 a.m., 23 views

Feng Office ref_XXX XSS Vulnerability

Feng Office is prone to a cross-site scripting (XSS) vulnerability...

4.3 CVSS, 5.6 AI score, 0.0096 EPSS
Exploits 3, References 5

OpenVAS
added 2013/10/29 12:0 a.m., 16 views

MODX CMS < 2.3.0 XSS Vulnerability - Active Check

MODX CMS is prone to a cross-site scripting (XSS) vulnerability...

6.6 AI score
Exploits 0, References 4

OpenVAS
added 2013/10/08 12:0 a.m., 13 views

Icy Phoenix Multiple Cross-Site Scripting Vulnerability

Icy Phoenix is prone to a cross-site scripting (XSS) vulnerability...

6.2 AI score
Exploits 0, References 5

Tenable Nessus
added 2013/10/04 12:0 a.m., 34 views

Mac OS X 10.8 < 10.8.5 Supplemental Update

The remote host is running a version of Mac OS X 10.8 that is missing the OS X v10.8.5 Supplemental Update. This update fixes a logic issue in verification of authentication credentials by Directory Services, which could otherwise allow a local attacker to bypass password validation. TRUSTED...

6.6 CVSS, 5.5 AI score, 0.00375 EPSS
Exploits 0, References 4

exploitpack
added 2013/09/27 12:0 a.m., 11 views

FreeSMS - pagescrc_handler.php?scheduleid SQL Injection

FreeSMS - pagescrchandler.php?scheduleid SQL Injection source: https://www.securityfocus.com/bid/63004/info FreeSMS is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these...

0.3 AI score
Exploits 0

Exploit DB
added 2013/09/27 12:0 a.m., 31 views

FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection

source: https://www.securityfocus.com/bid/63004/info FreeSMS is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code in the context of the...

7.4 AI score
Exploits 0

OpenVAS
added 2013/09/27 12:0 a.m., 49 views

OTRS ITSM Multiple Input Validation Vulnerability (OSA-2013-05)

Open Ticket Request System (OTRS) and OTRS:ITSM are prone to multiple input validation vulnerability...

8.8 CVSS, 7.1 AI score, 0.01322 EPSS
Exploits 0, References 4

OpenVAS
added 2013/09/25 12:0 a.m., 38 views

OTRS Email Body XSS Vulnerability (OSA-2012-03)

Open Ticket Request System (OTRS) is prone to a cross-site scripting (XSS) vulnerability...

4.3 CVSS, 6.6 AI score, 0.05792 EPSS
Exploits 2, References 7

exploitpack
added 2013/09/23 12:0 a.m., 27 views

SilverStripe CMS - Multiple HTML Injection Vulnerabilities

SilverStripe CMS - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/62782/info SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in th...

0.7 AI score
Exploits 0

0day.today
added 2013/08/16 12:0 a.m., 34 views

WordPress Trafficanalyzer Plugin XSS Vulnerability

WordPress Trafficanalyzer Plugin is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...

6.8 AI score
Exploits 0

exploitpack
added 2013/08/16 12:0 a.m., 14 views

AlgoSec Firewall Analyzer - Cross-Site Scripting

AlgoSec Firewall Analyzer - Cross-Site Scripting source: https://www.securityfocus.com/bid/61733/info AlgoSec Firewall Analyzer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...

6.8 AI score
Exploits 0

exploitpack
added 2013/08/13 12:0 a.m., 15 views

DotNetNuke 6.1.x - Cross-Site Scripting

DotNetNuke 6.1.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/61770/info DotNetNuke is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser o...

6.8 AI score
Exploits 0

Packet Storm
added 2013/08/12 12:0 a.m., 33 views

IBM Advanced Management Module Cross Site Scripting

Title: ====== IBM Advanced Management Module Cross-Site Scripting XSS CVE-ID: ======= CVE-2013-4007 Timeline: ========= 2013-06-10 Vulnerability discovered 2013-06-10 Reported to IBM Product Security Incident Response Team 2013-06-11 Vendor responded 2013-08-12 Official advisory and fix from IBM...

3.5 CVSS, 0.2 AI score, 0.00765 EPSS
Exploits 1

exploitpack
added 2013/07/24 12:0 a.m., 21 views

Magnolia CMS - Multiple Cross-Site Scripting Vulnerabilities

Magnolia CMS - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/61423/info Magnolia CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

0.1 AI score
Exploits 0

Exploit DB
added 2013/07/24 12:0 a.m., 49 views

WordPress Plugin Duplicator - Cross-Site Scripting

source: https://www.securityfocus.com/bid/61425/info The Duplicator plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecti...

7.4 AI score
Exploits 0

exploitpack
added 2013/07/22 12:0 a.m., 14 views

Collabtive - Multiple Vulnerabilities

Collabtive - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/61384/info Collabtive is prone to multiple cross-site scripting vulnerabilities, an arbitrary file upload vulnerability, and a security-bypass vulnerability because it fails to sufficiently sanitize user-supplied data...

0.3 AI score
Exploits 0

exploitpack
added 2013/07/17 12:0 a.m., 18 views

Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities

Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/61353/info Barracuda CudaTel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

0.1 AI score
Exploits 0