
93 matches found

BDU FSTEC
added 2020/12/15 12:0 a.m. | 3 views

The vulnerability of Adobe Experience Manager’s content and media management system lies in its lack of protection for website structures. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser through a specially created websi...

CVSS: 9 | AI score: 6.3 | EPSS: 0.01845
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2020/09/29 7:26 p.m. | 3 views

httpd: mod_rewrite potential open redirect

A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.73981
Exploits: 1 | References: 5
Cvelist
added 2020/03/18 2:47 p.m. | 27 views

CVE-2019-10146

A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

CVSS: 4.7 | AI score: 5.6 | EPSS: 0.00661
Exploits: 0 | References: 1
CNVD
added 2020/02/21 12:0 a.m. | 1 view

NOTI•FIRE•NET Web Server Authentication Bypass Vulnerability

NOTI•FIRE•NET Web Server is a web-based HTML server that allows you to remotely access the NOTI•FIRE•NET network via the Internet or Intranet. An authentication bypass vulnerability exists in NOTI•FIRE•NET Web Server 3.50 and earlier versions. An attacker could exploit this vulnerability to bypas...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.01325
Exploits: 0 | References: 1
OSV
added 2019/12/30 8:15 p.m. | 2 views

CVE-2018-7859

A security vulnerability in D-Link DGS-1510-series switches with firmware 1.20.011, 1.30.007, 1.31.B003 and older that may allow a remote attacker to inject malicious scripts in the device and execute commands via browser that is configuring the unit...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.0146
Exploits: 0 | References: 1
OSV
added 2019/07/26 12:15 a.m. | 2 views

CVE-2019-1010147

Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. The impact is: Victim attacked and access admin functionality through their browser and control browser. The component is: MIAdminStyles.i4. The attack vector is: Victims are...

CVSS: 5.4 | AI score: 5.6
Exploits: 0 | References: 1
Hacker One
added 2019/02/09 1:32 a.m. | 27 views

HackerOne: Partial report contents leakage - via HTTP/2 concurrent stream handling

Summary: The concurrent handling of HTTP/2 streams allows for a "timeless timing attack": instead of timing, the ordering of responses is used, making the attack resilient to network jitter. As the /bugs.json endpoint takes slightly longer to process when a query returns results, it is possible t...

AI score: 6.5
Exploits: 0
OSV
added 2018/12/26 9:29 p.m. | 2 views

CVE-2018-19615

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device...

CVSS: 6.1 | AI score: 6 | EPSS: 0.033
Exploits: 1 | References: 5
Prion
added 2018/09/12 2:29 p.m. | 17 views

SQL injection

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.00919
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2018/09/12 2:0 p.m. | 23 views

CVE-2018-3883

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sortorder parameter can be used to perform an SQL injection attack. An attacker can use a browser ...

CVSS: 5.4 | AI score: 8.9 | EPSS: 0.00919
Exploits: 1 | References: 1
UbuntuCve
added 2018/09/06 5:29 p.m. | 23 views

CVE-2018-1000665

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.01286
Exploits: 0 | References: 3
Cvelist
added 2018/09/06 5:0 p.m. | 22 views

CVE-2018-1000665

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

AI score: 7.3 | EPSS: 0.01286
Exploits: 0 | References: 2
Veracode
added 2018/08/24 1:50 a.m. | 11 views

Rosetta Flash JSONP Vulnerability

WebApiContrib.Formatting.Jsonp is affected by the Rosetta Flash JSONP vulnerability. The WriteToStreamAsync function in JsonpMediaTypeFormatter.cs allows printable characters from the callback parameter but is not able to determine if the parameter contains a Flash file. An attacker will be able to...

AI score: 6.5
Exploits: 0
UbuntuCve
added 2018/06/01 7:29 p.m. | 21 views

CVE-2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.00521
Exploits: 1 | References: 3
NVD
added 2018/06/01 7:29 p.m. | 13 views

CVE-2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.00521
Exploits: 1 | References: 2
OSV
added 2018/06/01 7:29 p.m. | 11 views

CVE-2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

CVSS: 6.8 | AI score: 6.8
Exploits: 0 | References: 2
Cvelist
added 2018/06/01 7:0 p.m. | 17 views

CVE-2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

AI score: 6.7 | EPSS: 0.00521
Exploits: 1 | References: 2
CNVD
added 2017/12/21 12:0 a.m. | 2 views

TYPO3 Recommend Page Extension Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the TYPO3 Recommend Page extension due to the program failing to properly filter user-supplied input. An attacker could use the...

AI score: 6.7
Exploits: 0 | References: 1
Packet Storm
added 2017/12/07 12:0 a.m. | 24 views

WordPress Crowd Ideas 1.0 Cross Site Scripting

Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Crowd Ideas 1.0. Crowd Ideas is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

AI score: 7.4
Exploits: 0
Gitee
added 2017/09/07 10:5 a.m. | 6 views

Exploit for Buffer Underflow in Microsoft

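GitHub arsenal. Tags: web, security, penetration testing, arsenal. Vulnerability and penetration-testing practice platforms: WebGoat vulnerability practice environment https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy Damn Vulnerable Web Application vulnerability practice platform https://github.com/RandomStorm/DVWA Database injection practice platform https://github.com/Audi-1/sqli-labs Vulnerability practice platform written in Node, like OWASP Node Goat...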

CVSS: 9.3 | AI score: 7.5 | EPSS: 0.89557
Exploits: 25