Lucene search
K

29543 matches found

Nuclei
Nuclei
added yesterday24 views

Sitecore CMS - Cross-Site Scripting

Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML Controls directly, which allows for a Cross Site Scripting Attack. id: CVE-2014-100004 info: name: Sitecore CMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | Sitecore CM...

4.3CVSS6AI score0.02016EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday23 views

Netsweeper 4.0.8 - Directory Traversal

A directory traversal vulnerability in webadmin/reporter/viewserverlog.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. dot dot in the log parameter in a stats action. id: CVE-2014-9609 info: name: Netsweeper...

5.3CVSS6.2AI score0.10619EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday26 views

Import Legacy Media <= 0.1 - Cross-Site Scripting

A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4535 info: name: Import Legacy Media = 0.1 - Cross-Site...

6.1CVSS6.5AI score0.03983EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday51 views

Netsweeper - Authentication Bypass

The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. id: CVE-2014-9618 info: name: Netsweeper - Authentication...

9.8CVSS7.2AI score0.73312EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday27 views

WordPress Plugin Tera Charts - Local File Inclusion

Multiple local file inclusion vulnerabilities in Tera Charts tera-charts plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the fn parameter to 1 charts/treemap.php or 2 charts/zoomabletreemap.php. id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts...

5CVSS7.2AI score0.18734EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday46 views

WordPress EasyCart <2.0.6 - Information Disclosure

WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. id: CVE-2014-4942 info: name: WordPress EasyCart 2.0.6 - Information Disclosur...

5CVSS6.1AI score0.0437EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday24 views

Frontend Uploader <= 0.9.2 - Cross-Site Scripting

The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. id: CVE-2014-9444 info: name: Frontend Uploader = 0.9.2 - Cross-Site Scripting author: daffainfo severity: medium description: The Frontend Uploader WordPress...

4.3CVSS6.1AI score0.06701EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday49 views

Belkin N150 Router 1.00.08/1.00.09 - Path Traversal

A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. id: CVE-2014-2962 info: name: Belkin N150 Router 1.00.08/1.00.09 - Path Traversa...

7.8CVSS6.2AI score0.47095EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday43 views

HTTP File Server <2.3c - Remote Command Execution

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full...

10CVSS7.3AI score0.99323EPSS
Exploits23References5
Nuclei
Nuclei
added yesterday28 views

Cross RSS 1.7 - Local File Inclusion

Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...

5CVSS7.2AI score0.04306EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday47 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-9607 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.5AI score0.05452EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday35 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. id: CVE-2014-9615 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium description: A...

6.1CVSS6.5AI score0.03705EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday25 views

WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting

A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the apiurl parameter. id: CVE-2014-4558 info: name: WooCommerce Swipe = 2.7.1 - Cross-Site...

6.1CVSS6.5AI score0.04055EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday25 views

Last.fm Rotation 1.0 - Path Traversal

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation lastfm-rotation plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. dot dot in the snode parameter. id: CVE-2014-5181 info: name: Last.fm Rotation 1.0 - Path Traversal author: DhiyaneshDK...

5CVSS6.2AI score0.04259EPSS
Exploits1
Nuclei
Nuclei
added yesterday68 views

webEdition 6.3.8.0 - Directory Traversal

A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter. id: CVE-2014-5258 info: name: webEdition 6.3.8.0 - Directory Traversal author: daffainfo severity: medium...

4CVSS6.2AI score0.19764EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday68 views

WordPress RevSlider - Remote Code Execution via File Upload

The ThemePunch Slider Revolution revslider plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to 1 upload and execute arbitrary files via an updateplugin...

7.5CVSS6.3AI score0.75256EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday30 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.5AI score0.03983EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday55 views

Node.js st module Directory Traversal

A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...

7.5CVSS7.1AI score0.34012EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday37 views

Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal

Directory traversal vulnerability in the Tom M8te tom-m8te plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php. id: CVE-2014-5187 info: name: Tom M8te tom-m8te Plugin 1.5.3 - Directory Traversal author: DhiyaneshDK severity:...

5CVSS7.1AI score0.04718EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday49 views

Netsweeper 3.0.6 - Open Redirection

An open redirect vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. id: CVE-2014-9617 info: name: Netsweeper 3.0.6 - Open Redirection author:...

6.1CVSS6.5AI score0.08013EPSS
Exploits1References4
Rows per page
Query Builder