Lucene search
K

140 matches found

Nuclei
Nuclei
added yesterday33 views

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. id: CVE-2020-35984 info: name: Rukovoditel = 2.7.2 - Cross Site...

5.4CVSS6AI score0.01333EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday41 views

MicroStrategy Web 10.4 - Information Disclosure

MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and there...

7.5CVSS7.1AI score0.17841EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday66 views

GLPI <9.4.6 - Open Redirect

GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. id: CVE-2020-11034 info: name: GLPI 9.4.6 - Open Redirect author: pikpikcu severity: medium description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. impact: | An attacker can exploit this...

6.1CVSS6.4AI score0.07608EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday43 views

WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference

WordPress acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wpoptions table such as the login and pass values. id: CVE-2020-13700 info: name: WordPres...

7.5CVSS7.1AI score0.12955EPSS
Exploits2
Nuclei
Nuclei
added yesterday27 views

Quixplorer <=2.4.1 - Cross-Site Scripting

Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

6.1CVSS6.4AI score0.02852EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday107 views

Joomla! Component GMapFP 3.5 - Arbitrary File Upload

Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double...

7.5CVSS7.2AI score0.31444EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.1AI score0.01552EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday32 views

Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery

Canvas version 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-5775 info: name: Canva...

5.8CVSS6.4AI score0.06531EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday14 views

HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access

HPE Smart Update Manager SUM prior to version 8.5.6 could allow remote unauthorized access. id: CVE-2020-7136 info: name: HPE Smart Update Manager 8.5.6 - Remote Unauthorized Access author: gy741 severity: critical description: HPE Smart Update Manager SUM prior to version 8.5.6 could allow remot...

10CVSS7.4AI score0.79522EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday23 views

WP Hotel Booking < 1.10.4 - PHP Object Injection

The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...

9.8CVSS7.7AI score0.14269EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday18 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7.1AI score0.21EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday33 views

CSE Bookstore 1.0 - SQL Injection

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database. id: CVE-2020-36112 info: name: CSE Bookstor...

9.8CVSS7.3AI score0.17166EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday239 views

Eclipse Mojarra - Local File Read

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. id: CVE-2020-6950 info: name: Eclipse Mojarra - Local File Read author: iamnoooob,pdresearch severity: medium description: | Directory traversal in Eclipse Mojarra...

6.5CVSS7AI score0.10124EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday14 views

Submitty <= 20.04.01 - Open Redirect

Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-13121...

6.1CVSS6.3AI score0.03518EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday62 views

TeamPass 2.1.27.36 - Improper Authentication

TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-12478 info...

7.5CVSS6.6AI score0.0722EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday25 views

Hospital Management System 4.0 - SQL Injection

Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of...

8.8CVSS7.4AI score0.1681EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday17 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8CVSS7.2AI score0.36164EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday21 views

D-Link DIR-816L 2.x - Cross-Site Scripting

D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting us...

6.1CVSS6.5AI score0.02835EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday31 views

Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read

Citrix ShareFile StorageZones aka storage zones Controller versions through at least 5.10.x are susceptible to an unauthenticated arbitrary file read vulnerability. id: CVE-2020-8982 info: name: Citrix ShareFile StorageZones =5.10.x - Arbitrary File Read author: dwisiswant0 severity: high...

7.5CVSS7.5AI score0.27149EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday49 views

Citrix XenMobile Server - Local File Inclusion

Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6, and Citrix XenMobile Server before 10.9 RP5 are susceptible to local file inclusion vulnerabilities. reference: -...

7.5CVSS7.4AI score0.48656EPSS
Exploits3References3
Rows per page
Query Builder