15 matches found
EUVD-2005-0219
Malware in sbrugna...
Splunk Enterprise 9.0.0 < 9.0.4 (SVD-2023-0202)
The version of Splunk installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0202 advisory. - In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a...
CVE-2023-45878
GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubricsvisualisesaveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set...
Splunk Enterprise < 9.0.4 XSS (SVD-2023-0202)
The version of Splunk installed on the remote host is prior to 9.0.4. It is, therefore, affected by a cross-site scripting vulnerability where a View allows for XSS through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. Note that Nessus h...
CVE-2023-22932 Persistent Cross-Site Scripting through a Base64-encoded Image in a View in Splunk Enterprise
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0...
hospitalcruzvermelha.pt Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1149290 Security Researcher MrRhino Helped patch 52 vulnerabilities Received 3 Coordinated Disclosure badges Received 3 recommendations, a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting hospitalcruzvermelha.pt websi...
Pinterest Browser Extension Injects Unwanted Code into 5K Websites
A buggy Mozilla Firefox browser extension for sharing links to Pinterest has automatically injected malformed code into at least 5,000 websites. The code injection in this instance was not malicious, but researchers at Sucuri, which discovered and reported the problem on Tuesday, said the inciden...
New Relic: Html injection in monitor name textbox
Hello guys, Details: Encoded image tag via HTML-Encoding is executed in Monitor failed email Payload: Plain text: Encoded: PoC: F100855 Remediation: Before sending an email - make sanitization / filtering / encoding of whole special characters. If you have any question, plz let me know Thanks, St...
Microsoft Outlook 2003 Security Policy Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11446/info Microsoft Outlook 2003 is reported prone to a security policy bypass vulnerability. It is reported that by including a base64 encoded image in an email and labeling that image in a sufficient manner, it is then...
DEBIAN-CVE-2007-5977
Cross-site scripting (XSS) vulnerability in dbcreate.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than...
DEBIAN-CVE-2005-0218
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: RFC 2397 URL...
CVE-2005-0218
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: RFC 2397 URL...
CVE-2005-0218
CVE-2005-0218 : ClamAV versions up to 0.80 are vulnerable. A remote attacker can bypass virus scanning by embedding a base64-encoded image in a data: URL, allowing malicious content to pass checks. The issue is documented across multiple advisories, indicating a vulnerability in the data: URL han...
Microsoft Outlook 2003 - Security Policy Bypass
Microsoft Outlook 2003 - Security Policy Bypass source: https://www.securityfocus.com/bid/11446/info Microsoft Outlook 2003 is reported prone to a security policy bypass vulnerability. It is reported that by including a base64 encoded image in an email and labeling that image in a sufficient...
Microsoft Outlook 2003 - Security Policy Bypass
source: https://www.securityfocus.com/bid/11446/info Microsoft Outlook 2003 is reported prone to a security policy bypass vulnerability. It is reported that by including a base64 encoded image in an email and labeling that image in a sufficient manner, it is then possible to reference this base64...