Lucene search
+L

69 matches found

nuclei
nuclei
added 13 hours ago138 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7AI score0.58373EPSS
Exploits6References4
nuclei
nuclei
added 13 hours ago24 views

Quest KACE SMA /common/run_cross_report.php 'fmt' XSS

The 'fmt' parameter of the '/common/runcrossreport.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. id: CVE-2018-11133 info: name: Quest KACE SMA /common/runcrossreport.php 'fmt' XSS author: iamnoooob,pdresearch severity: medium...

6.1CVSS6.6AI score0.07271EPSS
Exploits3References2
nuclei
nuclei
added 13 hours ago29 views

Intelbras NPLUG 1.0.0.14 - Authentication Bypass

Intelbras NPLUG 1.0.0.14 is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication by simply setting a cookie named "admin:". id: CVE-2018-12455 info: name: Intelbras NPLUG 1.0.0.14 - Authentication Bypass author: ritikchaddha severity: critical...

9.3CVSS7AI score0.05867EPSS
Exploits3References2
nuclei
nuclei
added 13 hours ago95 views

NagiosXI <= 5.4.12 logbook.php SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. id: CVE-2018-10737 info: name: NagiosXI = 5.4.12 logbook.php SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4....

7.2CVSS7AI score0.42556EPSS
Exploits2References2
nuclei
nuclei
added 13 hours ago60 views

NagiosXI <= 5.4.12 - SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. id: CVE-2018-10736 info: name: NagiosXI = 5.4.12 - SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4.13 via the...

7.2CVSS7AI score0.42556EPSS
Exploits2References3
nuclei
nuclei
added 13 hours ago49 views

Grav CMS <1.3.0 - Cross-Site Scripting

Grav CMS before 1.3.0 is vulnerable to cross-site scripting via system/src/Grav/Common/Twig/Twig.php and allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to admin/tools. id: CVE-2018-5233 info: name: Grav CMS 1.3.0 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.5AI score0.03401EPSS
Exploits3References4
nuclei
nuclei
added 13 hours ago67 views

YzmCMS v3.6 - Cross-Site Scripting

In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. id: CVE-2018-7653 info: name: YzmCMS v3.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. impact: | Attackers can execute arbitrary JavaScript in...

6.1CVSS6.4AI score0.08686EPSS
Exploits5References5
nuclei
nuclei
added 13 hours ago60 views

node-srv - Local File Inclusion

node-srv is vulnerable to local file inclusion due to lack of url validation, which allows a malicious user to read content of any file with known path. id: CVE-2018-3714 info: name: node-srv - Local File Inclusion author: madrobot severity: medium description: node-srv is vulnerable to local fil...

6.5CVSS6.7AI score0.08632EPSS
Exploits1References5
nuclei
nuclei
added 13 hours ago33 views

Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion

Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the downloadfile parameter. id: CVE-2018-6008 info: name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to...

7.5CVSS7AI score0.36823EPSS
Exploits5References5
nuclei
nuclei
added 13 hours ago49 views

Acrolinx Server <5.2.5 - Local File Inclusion

Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. id: CVE-2018-7719 info: name: Acrolinx Server 5.2.5 - Local File Inclusion author: 0xakoko severity: high description: | Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. impact: |...

7.5CVSS7AI score0.48744EPSS
Exploits3References5
nuclei
nuclei
added 13 hours ago65 views

Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...

6.1CVSS6.7AI score0.37611EPSS
Exploits0References5
nuclei
nuclei
added 13 hours ago104 views

Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting

The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. id: CVE-2018-3238 info: name: Oracle Fusion...

6.9CVSS6.8AI score0.04579EPSS
Exploits0References5
nuclei
nuclei
added 13 hours ago124 views

Ruby On Rails - Local File Inclusion

Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...

7.5CVSS7AI score0.26717EPSS
Exploits2References5
nuclei
nuclei
added 13 hours ago75 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar. id: CVE-2018-19752 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through 4.11.01 contains a...

4.8CVSS6.3AI score0.03316EPSS
Exploits6References4
nuclei
nuclei
added 13 hours ago39 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16670 info: name: CirCarLife 4.3 -...

5.3CVSS6.5AI score0.24568EPSS
Exploits5References5
nuclei
nuclei
added 13 hours ago73 views

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

5.3CVSS6.5AI score0.17118EPSS
Exploits0References5
nuclei
nuclei
added 13 hours ago99 views

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

9.8CVSS7AI score0.82976EPSS
Exploits5References5
nuclei
nuclei
added 13 hours ago123 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS7AI score0.22292EPSS
Exploits1References4
nuclei
nuclei
added 13 hours ago69 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...

4.8CVSS6.3AI score0.01514EPSS
Exploits5References4
nuclei
nuclei
added 13 hours ago79 views

LogonTracer <=1.2.0 - Remote Command Injection

LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. id: CVE-2018-16167 info: name: LogonTracer =1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execu...

10CVSS7.3AI score0.74745EPSS
Exploits3References5
Rows per page
Query Builder