CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-16347

Malware in sbrugna...

6.1CVSS6.3AI score0.0031EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 4:24 a.m.•1 views

SUSE CVE-2018-16477

A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...

6.5CVSS6.6AI score0.0026EPSS

Exploits1References3

Hacker One•added 2020/04/11 5:51 p.m.•16 views

Uber: Cookie Bombing cause DOS - businesses.uber.com

Cookie Bombing cause DOS on businesses.uber.com...

1.8AI score

Exploits0

OSV•added 2018/12/05 5:17 p.m.•11 views

GHSA-7RR7-RCJW-56VJ Exposure of Sensitive Information to an Unauthorized Actor in activestorage

6.5CVSS6.3AI score0.0026EPSS

Exploits1References4

OSV•added 2018/11/30 7:29 p.m.•16 views

CVE-2018-16477

6.5CVSS6.6AI score

Exploits0References2

UbuntuCve•added 2018/11/30 7:29 p.m.•10 views

CVE-2018-16477

6.5CVSS6.6AI score0.0026EPSS

Exploits1References2

OSV•added 2018/11/30 7:29 p.m.•1 views

DEBIAN-CVE-2018-16477

6.5CVSS6.6AI score0.0026EPSS

Exploits1References1

Prion•added 2018/11/30 7:29 p.m.•11 views

Design/Logic Flaw

4.3CVSS6.4AI score0.0026EPSS

Exploits1References2Affected Software1

Cvelist•added 2018/11/30 7:0 p.m.•13 views

CVE-2018-16477

6.3AI score0.0026EPSS

Exploits1References2

CVE•added 2018/11/30 7:0 p.m.•91 views

CVE-2018-16477

CVE-2018-16477 describes a bypass vulnerability in Rails Active Storage (version >= 5.2.0) for Google Cloud Storage and the Disk service. The issue allows an attacker to modify the content-disposition and content-type parameters, enabling inline execution of HTML files. When combined with othe...

6.5CVSS6.2AI score0.0026EPSS

Exploits1References2Affected Software1

GitLab Advisory Database•added 2018/11/30 12:0 a.m.•18 views

Exposure of Sensitive Information to an Unauthorized Actor

A bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie...

6.5CVSS1.9AI score0.0026EPSS

Exploits1References3Affected Software1

Hacker One•added 2018/09/07 8:39 p.m.•30 views

Ruby on Rails: ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService

ActiveStorage tries to force content-disposition: attachment for a list of content-types, including text/html. However, response-content-type and response-content-disposition in GCS and DiskService's URLs aren't signed, which means an attacker can modify them at will. This is not the case for Azu...

4.3CVSS1.4AI score0.0026EPSS

Exploits1

Hacker One•added 2017/10/19 2:57 p.m.•21 views

Infogram: No Rate Limit on account deletion request(Leads to huge email flooding/email bombing)

Dear sir, At first,i want to say that this sensitive action definitely should be set with rate limit. Note:-This is about huge bombing/brute force on any endpoints. Vulnerability:- -No rate limit has been set for generating account deletion emails for accounts on above selected domain. -As there ...

7.2AI score

Exploits0

OpenVAS•added 2017/04/06 12:0 a.m.•46 views

MODX CMS 2.x < 2.5.5 Multiple Vulnerabilities

MODX CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:modx:revolution"; ifdescription...

9.8CVSS7.1AI score0.02182EPSS

Exploits5References3

CNVD•added 2017/04/01 12:0 a.m.•3 views

MODX Revolution 'setup/controllers/language.php' file HTTP response splitting vulnerability

MODX Revolution is a PHP-based open source content management system CMS from the U.S. company MODX. The system supports online collaboration, search engine optimization SEO, add-ons and more. A security vulnerability exists in the setup/controllers/language.php file in MODX Revolution 2.5.4-pl a...

6.1CVSS6.8AI score0.0031EPSS

Exploits1References1

NVD•added 2017/03/30 7:59 a.m.•13 views

CVE-2017-7320

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service cookie quota exhaustion, or conduct HTTP Response Splitting attacks with resulta...

6.1CVSS6.3AI score0.0031EPSS

Exploits1References2

Prion•added 2017/03/30 7:59 a.m.•17 views

Code injection

4.3CVSS6.2AI score0.0031EPSS

Exploits1References2Affected Software1

OSV•added 2017/03/30 7:59 a.m.•16 views

CVE-2017-7320

6.1CVSS7AI score

Exploits0References2

Cvelist•added 2017/03/30 7:0 a.m.•12 views

CVE-2017-7320

6.8AI score0.0031EPSS

Exploits1References2

CVE•added 2017/03/30 7:0 a.m.•47 views

CVE-2017-7320

MODX Revolution 2.5.4-pl and earlier are affected by a vulnerability in setup/controllers/language.php where the language parameter is not properly constrained. An attacker can supply an invalid value to trigger a Cookie-Bombing denial of service (cookie quota exhaustion) and can also perform HTT...

6.1CVSS6.4AI score0.0031EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by