CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

220606 matches found

nweb2fax <=0.2.7 - Local File Inclusion

nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the varfilename parameter submitted to viewrq.php. id: CVE-2008-6668 info: name: nweb2fax =0.2.7 - Local File Inclusion author: geeknik severity: medium description: nweb2fax...

5CVSS6AI score0.15346EPSS

Exploits1References5

Nuclei•added 15 hours ago•25 views

Joomla! ProDesk 1.0/1.2 - Local File Inclusion

Joomla! Pro Desk Support Center comprodesk component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. dot dot in the includefile parameter to index.php. id: CVE-2008-6222 info: name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion author: daffainfo severity: medium description:...

5CVSS6AI score0.11497EPSS

Exploits0References4

Nuclei•added 15 hours ago•51 views

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

6.1CVSS6.6AI score0.10692EPSS

Exploits4References3

Nuclei•added 15 hours ago•138 views

Oracle WebLogic Server Administration Console - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. id:...

9.8CVSS7.6AI score0.8883EPSS

Exploits11References5

Nuclei•added 15 hours ago•12 views

Aptana Jaxer 1.0.3.4547 - Local File inclusion

Aptana Jaxer 1.0.3.4547 is vulnerable to local file inclusion in the wikilite source code viewer. An attacker can read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI. id: CVE-2019-14312 info: name: Aptana Jaxer 1.0.3.4547 - Local File inclusion author: daffainfo...

6.5CVSS6.7AI score0.20586EPSS

Exploits5References5

Nuclei•added 15 hours ago•33 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...

4.8CVSS5.9AI score0.04428EPSS

Exploits6References4

Nuclei•added 15 hours ago•28 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...

4.8CVSS5.9AI score0.01514EPSS

Exploits5References4

Nuclei•added 15 hours ago•25 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters. id: CVE-2018-20009 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD...

4.8CVSS5.9AI score0.04428EPSS

Exploits6References5

Nuclei•added 15 hours ago•20 views

Microstrategy Web 7 - Local File Inclusion

Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" in the parameter subpage. Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. slash dot dot in a pathname used by a web application. NOTE: this i...

4.3CVSS5.9AI score0.19551EPSS

Exploits5References5

Nuclei•added 15 hours ago•96 views

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

7.5CVSS7.2AI score0.56924EPSS

Exploits6References5

Nuclei•added 15 hours ago•35 views

Acrolinx Server <5.2.5 - Local File Inclusion

Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. id: CVE-2018-7719 info: name: Acrolinx Server 5.2.5 - Local File Inclusion author: 0xakoko severity: high description: | Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. impact: |...

7.5CVSS7.1AI score0.46312EPSS

Exploits3References5

Nuclei•added 15 hours ago•79 views

Carel pCOWeb <B1.2.4 - Cross-Site Scripting

Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pwsnmp.html "System contact" field. id: CVE-2019-11370 info: name: Carel pCOWeb B1.2.4 - Cross-Site Scripting author: arafatansari severity: medium description: | Carel pCOWeb prior to B1.2.4 ...

5.4CVSS5.9AI score0.03977EPSS

Exploits1References4

Nuclei•added 15 hours ago•63 views

Rails File Content Disclosure

Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...

7.5CVSS7.1AI score0.98507EPSS

Exploits18References5

Nuclei•added 15 hours ago•23 views

Kirona Dynamic Resource Scheduler - Information Disclosure

Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd, which contains sensitive information with exposed SQL queries, such as database version, table name, and column name. id:...

5.3CVSS6.1AI score0.49236EPSS

Exploits5References4

Nuclei•added 15 hours ago•25 views

LG-Ericsson iPECS NMS 30M - Local File Inclusion

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...

7.5CVSS7.1AI score0.12851EPSS

Exploits0References4

Nuclei•added 15 hours ago•93 views

WordPress Site Editor <=1.1.1 - Local File Inclusion

WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajaxpath parameter to editor/extensions/pagebuilder/includes/ajaxshortcodepattern.php. id: CVE-2018-7422 info: name: WordPress Site Editor =1.1.1 - Local File Inclusion author: LuskaBol,0x240x23elu...

7.5CVSS7.3AI score0.63102EPSS

Exploits7References5

Nuclei•added 15 hours ago•31 views

Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion

Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the downloadfile parameter. id: CVE-2018-6008 info: name: Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion author: daffainfo severity: high description: Joomla! Jtag Members Directory 5.3.7 is vulnerable to...

7.5CVSS7.1AI score0.37399EPSS

Exploits5References5

Nuclei•added 15 hours ago•27 views

SugarCRM 3.5.1 - Cross-Site Scripting

SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string aka a $key variable. id: CVE-2018-5715 info: name: SugarCRM 3.5.1 - Cross-Site Scripting author: edoardottt severity: medium description: SugarCRM 3.5.1 is vulnerable to cross-site...

6.1CVSS6.2AI score0.06914EPSS

Exploits5References5

Nuclei•added 15 hours ago•40 views

Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion

Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticated attacker can send a specially crafted URL request containing "dot dot" sequences /../, conduct directory traversal attacks, and view arbitrary files. id: CVE-2018-19326 info: name: Zyxel VMG1312-B10D...

7.5CVSS6.9AI score0.08178EPSS

Exploits1References5

Nuclei•added 15 hours ago•25 views

Rubedo CMS <=3.4.0 - Directory Traversal

Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. id: CVE-2018-16836 info: name:...

9.8CVSS7.5AI score0.61437EPSS

Exploits5References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by