Lucene search
+L

140 matches found

Nuclei
Nuclei
added 19 hours ago26 views

SRS Simple Hits Counter 1.0.3-1.0.4 - Unauthenticated Blind SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. id: CVE-2020-5766 info: name: SRS Simple Hits Counter 1.0.3-1.0.4...

7.5CVSS7.8AI score0.06953EPSS
Exploits3References2
Nuclei
Nuclei
added 19 hours ago31 views

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

9.8CVSS9.1AI score0.16017EPSS
Exploits2References3
Nuclei
Nuclei
added 19 hours ago41 views

INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion

INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/exportsettings.sh endpoint. id: CVE-2020-24285 info: name: INTELBRAS...

7.5CVSS7.3AI score0.04497EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago90 views

phpMyAdmin 5.0.2 - CRLF Injection

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable. id: CVE-2020-11441 info: name: phpMyAdmin 5.0.2 - CRLF Injecti...

6.1CVSS7AI score0.02312EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago96 views

IncomCMS 2.0 - Arbitrary File Upload

IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server. id: CVE-2020-29597 info: name: IncomCMS 2.0 - Arbitrary File Upload author: princechaddha severity: critical description: |...

9.8CVSS8.3AI score0.71006EPSS
Exploits3References5
Nuclei
Nuclei
added 19 hours ago74 views

Puppet Server/PuppetDB - Sensitive Information Disclosure

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...

7.5CVSS7.4AI score0.07884EPSS
Exploits0References5
Nuclei
Nuclei
added 19 hours ago79 views

exacqVision Web Service - Remote Code Execution

exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker wi...

9CVSS8.1AI score0.0777EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago87 views

rConfig <3.9.4 - Sensitive Information Disclosure

rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...

7.5CVSS7.3AI score0.16671EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago118 views

Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure

GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2020-26413 info:...

5.3CVSS5.8AI score0.33772EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago52 views

Hospital Management System 4.0 - SQL Injection

Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of...

8.8CVSS8.3AI score0.1681EPSS
Exploits3References5
Nuclei
Nuclei
added 19 hours ago66 views

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. id: CVE-2020-35984 info: name: Rukovoditel = 2.7.2 - Cross Site...

5.4CVSS5.5AI score0.01104EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago69 views

OPNsense <=20.1.5 - Open Redirect

OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

6.1CVSS6.2AI score0.02689EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago83 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.2AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago103 views

Jenkins <=2.218 - Information Disclosure

Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations...

5.4CVSS5.3AI score0.07044EPSS
Exploits0References5
Nuclei
Nuclei
added 19 hours ago83 views

Inspur ClusterEngine 4.0 - Remote Code Execution

Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server. id: CVE-2020-21224 info: name: Inspur ClusterEngine 4.0 - Remote Code Execution author: pikpikcu severity: critical description: Inspur...

10CVSS9.2AI score0.38745EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago102 views

74cms - ajax_common.php SQL Injection

SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajaxcommon.php. id: CVE-2020-22209 info: name: 74cms - ajaxcommon.php SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajaxcommon.php. impact: | Successful...

9.8CVSS9AI score0.08579EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago82 views

74cms - ajax_street.php 'key' SQL Injection

SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajaxstreet.php. id: CVE-2020-22211 info: name: 74cms - ajaxstreet.php 'key' SQL Injection author: ritikchaddha severity: critical description: | SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajaxstreet.php. impact: | Successf...

9.8CVSS7.7AI score0.0794EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago44 views

qdPM 9.1 - Cross-site Scripting

qdPM V9.1 is vulnerable to Cross Site Scripting XSS via qdPM\install\modules\databaseconfig.php. id: CVE-2020-19515 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM V9.1 is vulnerable to Cross Site Scripting XSS via...

6.1CVSS6.1AI score0.01789EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago64 views

WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection XXE. XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit...

9.1CVSS8.4AI score0.26939EPSS
Exploits0References4
Nuclei
Nuclei
added 19 hours ago75 views

Fuel CMS 1.4.7 - SQL Injection

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. id: CVE-2020-17463 info: name: Fuel CMS 1.4.7 - SQL Injection author: Thirukrishnan severity: critical description: | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to...

9.8CVSS9AI score0.90044EPSS
Exploits4References5
Rows per page
Query Builder