CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29542 matches found

Import Legacy Media <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...

6.1CVSS6.3AI score0.03802EPSS

Exploits2References4

Nuclei•added 7 hours ago•31 views

Podcast Channels < 0.28 - Cross-Site Scripting

The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...

6.1CVSS6.1AI score0.02584EPSS

Exploits1References4

Nuclei•added 7 hours ago•32 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-9607 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.3AI score0.08963EPSS

Exploits1References4

Nuclei•added 7 hours ago•10 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS5.2AI score0.0033EPSS

Exploits1References3

Nuclei•added 7 hours ago•19 views

Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

5CVSS7.9AI score0.00705EPSS

Exploits1References3

Nuclei•added 7 hours ago•36 views

Netsweeper 3.0.6 - Open Redirection

An open redirect vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. id: CVE-2014-9617 info: name: Netsweeper 3.0.6 - Open Redirection author:...

6.1CVSS6.5AI score0.26191EPSS

Exploits1References4

Nuclei•added 7 hours ago•19 views

WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting

A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter. id: CVE-2014-4558 info: name: WooCommerce Swipe = 2.7.1 - Cross-Site...

6.1CVSS6.3AI score0.04411EPSS

Exploits2References4

Nuclei•added 7 hours ago•63 views

Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting

A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2014-2908 info: name: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting author:...

4.3CVSS5.4AI score0.6804EPSS

Exploits3References5

Nuclei•added 7 hours ago•21 views

WordPress Plugin Tera Charts - Local File Inclusion

Multiple local file inclusion vulnerabilities in Tera Charts tera-charts plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the fn parameter to 1 charts/treemap.php or 2 charts/zoomabletreemap.php. id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts...

5CVSS7.9AI score0.42619EPSS

Exploits2References4

Nuclei•added 7 hours ago•21 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.3AI score0.0161EPSS

Exploits2References4

Nuclei•added 7 hours ago•26 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. id: CVE-2014-9615 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium description: A...

6.1CVSS6.3AI score0.15696EPSS

Exploits1References4

Nuclei•added 7 hours ago•28 views

WordPress EasyCart <2.0.6 - Information Disclosure

WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. id: CVE-2014-4942 info: name: WordPress EasyCart 2.0.6 - Information Disclosur...

5CVSS5.5AI score0.02509EPSS

Exploits1References5

Nuclei•added 7 hours ago•27 views

Node.js st module Directory Traversal

A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...

7.5CVSS7.4AI score0.7817EPSS

Exploits0References5

Nuclei•added 7 hours ago•25 views

Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal

Directory traversal vulnerability in the Tom M8te tom-m8te plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. id: CVE-2014-5187 info: name: Tom M8te tom-m8te Plugin 1.5.3 - Directory Traversal author: DhiyaneshDK severity:...

5CVSS7.9AI score0.00232EPSS

Exploits1References2

Nuclei•added 7 hours ago•16 views

webEdition 6.3.8.0 - Directory Traversal

A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2014-5258 info: name: webEdition 6.3.8.0 - Directory Traversal author: daffainfo severity: medium...

4CVSS5.6AI score0.81201EPSS

Exploits6References5

Nuclei•added 7 hours ago•20 views

WP Planet <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in rss.class/scripts/magpiedebug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-4592 info: name: WP Planet = 0.1 - Cross-Site Scripting author:...

6.1CVSS6.3AI score0.03802EPSS

Exploits2References4

Nuclei•added 7 hours ago•18 views

Frontend Uploader <= 0.9.2 - Cross-Site Scripting

The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. id: CVE-2014-9444 info: name: Frontend Uploader = 0.9.2 - Cross-Site Scripting author: daffainfo severity: medium description: The Frontend Uploader WordPress...

4.3CVSS5.4AI score0.03285EPSS

Exploits2References4

Nuclei•added 7 hours ago•86 views

Eyou E-Mail <3.6 - Remote Code Execution

Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php via the getloginipconfigfile function. id: CVE-2014-1203 info: name: Eyou E-Mail 3.6 - Remote Code Execution author: pikpik...

9.8CVSS8.2AI score0.56108EPSS

Exploits0References5

Nuclei•added 7 hours ago•19 views

Last.fm Rotation 1.0 - Path Traversal

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation lastfm-rotation plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the snode parameter. id: CVE-2014-5181 info: name: Last.fm Rotation 1.0 - Path Traversal author: DhiyaneshDK...

5CVSS5.7AI score0.00232EPSS

Exploits1

Nuclei•added 7 hours ago•40 views

WordPress RevSlider - Remote Code Execution via File Upload

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an updateplugin...

7.5CVSS5.8AI score0.82749EPSS

Exploits2References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by