
69 matches found

Nuclei
added 16 hours ago, 23 views

Loytec LGATE-902 <6.4.2 - Local File Inclusion

Loytec LGATE-902 versions prior to 6.4.2 suffer from a local file inclusion vulnerability. id: CVE-2018-14916 info: name: Loytec LGATE-902 <6.4.2 - Local File Inclusion author: 0xAkoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion...

CVSS 9.4, AI score 7.8, EPSS 0.67293
Exploits: 3, References: 5
Nuclei
added 16 hours ago, 25 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar. id: CVE-2018-19752 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through 4.11.01 contains a...

CVSS 4.8, AI score 5.7, EPSS 0.00236
Exploits: 6, References: 4
Nuclei
added 16 hours ago, 26 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...

CVSS 4.8, AI score 5.7, EPSS 0.01183
Exploits: 5, References: 4
Nuclei
added 16 hours ago, 37 views

LogonTracer <=1.2.0 - Remote Command Injection

LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. id: CVE-2018-16167 info: name: LogonTracer <=1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execu...

CVSS 10, AI score 8.2, EPSS 0.87006
Exploits: 3, References: 5
Nuclei
added 16 hours ago, 55 views

DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution

DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code. id: CVE-2018-7700 info: name: DedeCMS 5.7SP2 - Cross-Site...

CVSS 8.8, AI score 8, EPSS 0.93235
Exploits: 1, References: 5
Nuclei
added 16 hours ago, 21 views

Etherpad Lite <1.6.4 - Admin Authentication Bypass

Etherpad Lite before 1.6.4 is exploitable for admin access. id: CVE-2018-9845 info: name: Etherpad Lite <1.6.4 - Admin Authentication Bypass author: philippedelteil severity: critical description: Etherpad Lite before 1.6.4 is exploitable for admin access. impact: | An attacker can bypass the admi...

CVSS 9.8, AI score 7.8, EPSS 0.7723
Exploits: 0, References: 5
Nuclei
added 16 hours ago, 15 views

YzmCMS v3.6 - Cross-Site Scripting

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. id: CVE-2018-7653 info: name: YzmCMS v3.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. impact: | Attackers can execute arbitrary JavaScript in...

CVSS 6.1, AI score 6.2, EPSS 0.01096
Exploits: 5, References: 5
Nuclei
added 16 hours ago, 26 views

Seagate NAS OS 4.3.15.1 - Server Information Disclosure

Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.getinfos. id: CVE-2018-12296 info: name: Seagate NAS OS 4.3.15.1 - Server Information...

CVSS 7.5, AI score 7.2, EPSS 0.73135
Exploits: 1, References: 3
Nuclei
added 16 hours ago, 27 views

Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion

Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the downloadfile parameter. id: CVE-2018-6008 info: name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to...

CVSS 7.5, AI score 7.2, EPSS 0.76031
Exploits: 5, References: 5
Nuclei
added 16 hours ago, 17 views

Quest KACE SMA /common/run_cross_report.php 'fmt' XSS

The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. id: CVE-2018-11133 info: name: Quest KACE SMA /common/run_cross_report.php 'fmt' XSS author: iamnoooob,pdresearch severity: medium...

CVSS 6.1, AI score 6.5, EPSS 0.00048
Exploits: 3, References: 2
Nuclei
added 16 hours ago, 14 views

Intelbras NPLUG 1.0.0.14 - Authentication Bypass

Intelbras NPLUG 1.0.0.14 is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication by simply setting a cookie named "admin:". id: CVE-2018-12455 info: name: Intelbras NPLUG 1.0.0.14 - Authentication Bypass author: ritikchaddha severity: critical...

CVSS 9.3, AI score 7.5, EPSS 0.02742
Exploits: 3, References: 2
Nuclei
added 16 hours ago, 16 views

Orange Forum 1.4.0 - Open Redirect

Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-14474 info: nam...

CVSS 6.1, AI score 6.3, EPSS 0.01625
Exploits: 1, References: 5
Nuclei
added 16 hours ago, 20 views

SV3C HD Camera L Series - Open Redirect

SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtai...

CVSS 6.1, AI score 6.5, EPSS 0.08842
Exploits: 1, References: 5
Nuclei
added 16 hours ago, 29 views

Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting

Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. id: CVE-2018-10141 info: name: Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting autho...

CVSS 6.1, AI score 5.9, EPSS 0.44152
Exploits: 0, References: 4
Nuclei
added 16 hours ago, 18 views

Centos Web Panel 0.9.8.480 - Local File Inclusion

Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. id: CVE-2018-18323 info: name: Centos Web Panel 0.9.8.480 - Local File Inclusion author:...

CVSS 7.5, AI score 7.7, EPSS 0.78382
Exploits: 2, References: 5
Nuclei
added 16 hours ago, 34 views

DotCMS < 5.0.2 - Open Redirect

dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...

CVSS 6.1, AI score 6.3, EPSS 0.10795
Exploits: 1, References: 3
Nuclei
added 16 hours ago, 25 views

node-srv - Local File Inclusion

node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path. id: CVE-2018-3714 info: name: node-srv - Local File Inclusion author: madrobot severity: medium description: node-srv is vulnerable to local fil...

CVSS 6.5, AI score 6.8, EPSS 0.72599
Exploits: 1, References: 5
Nuclei
added 16 hours ago, 19 views

Zoho manageengine - Cross-Site Scripting

Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the...

CVSS 6.1, AI score 5.8, EPSS 0.54113
Exploits: 3, References: 4
Nuclei
added 16 hours ago, 16 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. id: CVE-2018-1000856 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the...

CVSS 4.8, AI score 5.2, EPSS 0.0104
Exploits: 1, References: 3
Nuclei
added 16 hours ago, 16 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16670 info: name: CirCarLife <4.3 -...

CVSS 5.3, AI score 6.4, EPSS 0.45583
Exploits: 5, References: 5