Lucene search
K

54 matches found

Nuclei
Nuclei
added yesterday48 views

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. dot dot in the class parameter to 1 index.php or 2 admin/index.php. id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion LFI author: daffainfo...

5CVSS6.1AI score0.09794EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday29 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.257 views

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

9.8CVSS7.9AI score0.99964EPSS
Exploits35References5
CERT
CERT
added 2016/04/25 12:0 a.m.29 views

Allround Automations PL/SQL Developer v11 performs updates over HTTP

Overview Allround Automations PL/SQL Developer version 11 checks for updates over HTTP and does not verify updates before executing commands, which may allow an attacker to execute arbitrary code. Description CWE-345: Insufficient Verification of Data Authenticity - CVE-2016-2346 According to the...

8.1CVSS8.4AI score0.00944EPSS
Exploits1References1
CERT
CERT
added 2015/10/21 12:0 a.m.25 views

HP Photosmart B210 printer SMB server buffer overflow vulnerability

Overview The HP Photosmart B210 printer utilizes an SMB server for managing the print queue. An invalid SMB packet may cause a denial of service condition, requiring the printer to be restarted. Description Fuzzing the first 296 bytes of an SMB packet may in some cases cause a denial of service...

7.7AI score
Exploits0References1
CERT
CERT
added 2015/07/20 12:0 a.m.21 views

N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password

Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...

7.2AI score
Exploits0
CERT
CERT
added 2014/07/23 12:0 a.m.19 views

Resin Pro improperly performs Unicode transformations

Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...

5CVSS6.2AI score0.01665EPSS
Exploits0References2
CERT
CERT
added 2014/07/11 12:0 a.m.38 views

Datum Systems satellite modem devices contain multiple vulnerabilities

Overview Datum Systems PSM-4500 and PSM-500 series satellite modem devices contain multiple vulnerabilities Description CWE-220:Sensitive Data Under FTP Root - CVE-2014-2950The Datum Systems SnIP operating system on PSM-4500 and PSM-500 satellite modem devices has FTP enabled by default with no...

10CVSS7.1AI score0.02294EPSS
Exploits0References3
CERT
CERT
added 2014/06/17 12:0 a.m.23 views

F5 ARX Data Manager contains a SQL injection vulnerability

Overview F5 ARX Data Manager 3.0.0 - 3.1.0 contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command F5 ARX Data Manager 3.0.0 - 3.1.0 contains an unspecified SQL injection vulnerability. --- Impact A remote authenticated attack...

6.5CVSS7AI score0.01421EPSS
Exploits0References3
CERT
CERT
added 2014/04/14 12:0 a.m.43 views

Xangati software release contains relative path traversal and command injection vulnerabilities

Overview Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities. Description Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities.CWE-23: Relative Path Traversal -CVE-2014-0358 The...

9CVSS6.9AI score0.06162EPSS
Exploits0References3
CERT
CERT
added 2014/04/07 12:0 a.m.17 views

Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability

Overview Websense Triton Unified Security Center 7.7.3 and possibly earlier versions contains an information disclosure vulnerability which could allow an authenticated attacker to view stored credentials of a possibly higher privileged user. Description CWE-200: Information ExposureWhen logged...

3.5CVSS5.8AI score0.01343EPSS
Exploits1References3
CERT
CERT
added 2014/04/01 12:0 a.m.22 views

Pearson eSIS Enterprise Student Information System XSS vulnerability

Overview Pearson eSIS Enterprise Student Information System contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'Pearson eSIS Enterprise Student Information System contains a reflected cross-site scripting vulnerabilit...

4.3CVSS6AI score0.01012EPSS
Exploits1References1
CERT
CERT
added 2014/02/14 12:0 a.m.67 views

Internet Explorer CMarkup use-after-free vulnerability

Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the MSHTML CMarkup component, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability in the...

9.3CVSS8.9AI score0.85239EPSS
Exploits23References8
CERT
CERT
added 2014/02/06 12:0 a.m.48 views

F5 Networks BIG-IP Edge Client information leakage vulnerability

Overview F5 Networks has reported a flaw in the BIG-IP APM and the FirePass client-side F5-signed Edge Client components. The components may leak information from memory. CWE-200 Description F5 Networks has reported a flaw in the BIG-IP APM and the FirePass client-side F5-signed Edge Client...

4.4CVSS5.6AI score0.00357EPSS
Exploits0References2
CERT
CERT
added 2014/02/03 12:0 a.m.47 views

Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability

Overview Mediatrix's web management interface for the 4402 digital gateway device with firmware version Dgw 1.1.13.186, and possibly earlier versions, contains a cross-site scripting XSS vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation...

4.3CVSS6AI score0.02541EPSS
Exploits1References3
CERT
CERT
added 2014/01/23 12:0 a.m.29 views

Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches contain a directory traversal vulnerability

Overview Emerson Network Power Avocent MergePoint Unity 2016 KVM and possibly other model switches running firmware version 1.9.16473 and possibly previous versions contain a directory traversal vulnerability CWE-23. Description CWE-23: Relative Path Traversal Emerson Network Power Avocent...

5CVSS6.3AI score0.02943EPSS
Exploits0References4
CERT
CERT
added 2014/01/07 12:0 a.m.53 views

Synology DiskStation Manager arbitrary file modification

Overview Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description CWE-284: Improper Access Control - CVE-2013-6955Synology DiskStation Manager...

10CVSS7.1AI score0.84571EPSS
Exploits5References2
CERT
CERT
added 2013/11/04 12:0 a.m.40 views

Attachmate Verastream Host Integrator (VHI) allows arbitrary file upload and execution

Overview The Attachmate Verastream Host Integrator VHI is vulnerable to arbitrary file uploads and execution. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2013-3626The Attachmate VHI Session Server, on all platforms, allows unauthenticated...

9.3CVSS7.1AI score0.02778EPSS
Exploits0References2
CERT
CERT
added 2013/09/03 12:0 a.m.28 views

AdvancePro Technologies Advanceware software suite vulnerable to privilege bypass

Overview AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in information leakage CWE-200. Description CWE-200: Information Exposure AdvancePro Technologies Advanceware software suite contains a privilege bypass vulnerability, resulting in...

4CVSS6.1AI score0.01033EPSS
Exploits0References4
CERT
CERT
added 2013/07/26 12:0 a.m.24 views

TrustGo Antivirus & Mobile Security contains a denial-of-service vulnerability

Overview TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 contain a denial-of-service CWE-20 vulnerability. Description CWE-20:Improper Input Validation- CVE-2013-3580TrustGo Antivirus & Mobile Security versions 1.2.7 through 1.3.5 crash if an intent is sent to...

4.3CVSS6.1AI score0.01273EPSS
Exploits0References2
Rows per page
Query Builder