519 matches found

Packet Storm
added 2016/05/25 12:00 a.m., 44 views

dotCMS Email Header Injection

Title: CVE-2016-4803 dotCMS - Email Header Injection Credit: Elar Lang / https://security.elarlang.eu Vulnerability: Email Header Injection Vulnerable version: before 3.5 / 3.3.2 CVE: CVE-2016-4803 Vendor: dotCMS http://dotcms.com/ Description dotCMS has an email sending functionality at path...

CVSS 5, AI score 7.8, EPSS 0.02201
Exploits 2
OSV
added 2016/04/19 2:59 p.m., 6 views

CVE-2016-4040

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...

CVSS 7.2, AI score 8.5
Exploits 0, References 3
NVD
added 2016/04/19 2:59 p.m., 14 views

CVE-2016-4040

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...

CVSS 7.2, AI score 7.5, EPSS 0.01327
Exploits 2, References 3
OSV
added 2016/04/19 2:59 p.m., 13 views

CVE-2016-3688

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...

CVSS 6.5, AI score 7.2
Exploits 0, References 4
NVD
added 2016/04/19 2:59 p.m., 26 views

CVE-2016-3688

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...

CVSS 6.5, AI score 7.2, EPSS 0.0158
Exploits 2, References 4
Prion
added 2016/04/19 2:59 p.m., 20 views

Sql injection

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...

CVSS 4, AI score 9, EPSS 0.0158
Exploits 2, References 4, Affected Software 1
Prion
added 2016/04/19 2:59 p.m., 15 views

Sql injection

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...

CVSS 6.5, AI score 8.9, EPSS 0.01327
Exploits 2, References 3, Affected Software 1
CVE
added 2016/04/19 2:00 p.m., 52 views

CVE-2016-3688

Vulnerability overview: CVE-2016-3688 is a SQL injection in dotCMS prior to version 3.5, exploitable via the c0-e3 parameter in dwr/call/plaincall/UserAjax.getUsersList.dwr. Affected software: dotCMS (CMS) prior to 3.5. Root cause / impact: Failure to properly validate the c0-e3 parameter allows ...

CVSS 6.5, AI score 7.8, EPSS 0.0158
Exploits 2, References 4, Affected Software 1
Cvelist
added 2016/04/19 2:00 p.m., 24 views

CVE-2016-4040

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...

AI score 7.8, EPSS 0.01327
Exploits 2, References 3
Cvelist
added 2016/04/19 2:00 p.m., 24 views

CVE-2016-3688

SQL injection vulnerability in dotCMS before 3.5 allows remote administrators to execute arbitrary SQL commands via the c0-e3 parameter to dwr/call/plaincall/UserAjax.getUsersList.dwr...

AI score 7.5, EPSS 0.0158
Exploits 2, References 4
CVE
added 2016/04/19 2:00 p.m., 51 views

CVE-2016-4040

CVE-2016-4040 affects dotCMS prior to version 3.3.2. A SQL injection in the Workflow Screen allows remote administrators to execute arbitrary SQL commands through the orderby parameter. Exploitation would impact data confidentiality, integrity, and availability as described by CVSS metrics (base ...

CVSS 7.2, AI score 7.8, EPSS 0.01327
Exploits 2, References 3, Affected Software 1
OSV
added 2016/04/18 3:59 p.m., 8 views

CVE-2016-3972

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. dot dot in the fileName parameter...

CVSS 2.7, AI score 6.5
Exploits 0, References 2
NVD
added 2016/04/18 3:59 p.m., 17 views

CVE-2016-3972

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. dot dot in the fileName parameter...

CVSS 4, AI score 3.6, EPSS 0.01468
Exploits 1, References 2
NVD
added 2016/04/18 3:59 p.m., 13 views

CVE-2016-3971

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...

CVSS 4.8, AI score 5, EPSS 0.00659
Exploits 1, References 2
OSV
added 2016/04/18 3:59 p.m., 8 views

CVE-2016-3971

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...

CVSS 4.8, AI score 5.1
Exploits 0, References 2
Prion
added 2016/04/18 3:59 p.m., 13 views

Cross site scripting

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...

CVSS 3.5, AI score 6.1, EPSS 0.00659
Exploits 1, References 2, Affected Software 1
Prion
added 2016/04/18 3:59 p.m., 11 views

Directory traversal

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. dot dot in the fileName parameter...

CVSS 4, AI score 6.7, EPSS 0.01468
Exploits 1, References 2, Affected Software 1
CVE
added 2016/04/18 3:00 p.m., 45 views

CVE-2016-3971

CVE-2016-3971 describes an XSS vulnerability in dotCMS where a crafted value in the query parameter to c/portal/layout is reflected by lucene_search.jsp. Affected product: dotCMS, versions before 3.5.1. Root cause: cross-site scripting due to improper handling of user-supplied input. Impact: pote...

CVSS 4.8, AI score 5.6, EPSS 0.00659
Exploits 1, References 2, Affected Software 1
Cvelist
added 2016/04/18 3:00 p.m., 25 views

CVE-2016-3971

Cross-site scripting XSS vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...

AI score 5.3, EPSS 0.00659
Exploits 1, References 2
CVE
added 2016/04/18 3:00 p.m., 47 views

CVE-2016-3972

dotCMS before 3.5.1 contains a directory traversal vulnerability in the dotTailLogServlet that lets remote authenticated administrators read arbitrary files via a .. in the fileName parameter. Affected component: dotTailLogServlet (dotCMS). Root cause: input traversal in fileName enables access t...

CVSS 4, AI score 4.9, EPSS 0.01468
Exploits 1, References 2, Affected Software 1