CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1393 matches found

Joomla! Component Archery Scores 1.0.6 - Local File Inclusion

A directory traversal vulnerability in archeryscores.php in the Archery Scores comarcheryscores component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1718 info: name: Joomla! Compone...

6.8CVSS6.1AI score0.09455EPSS

Exploits1References3

Nuclei•added 2 days ago•26 views

Joomla! Component Arcade Games 1.0 - Local File Inclusion

A directory traversal vulnerability in the Arcade Games comarcadegames component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion autho...

5CVSS6AI score0.18703EPSS

Exploits2References5

Nuclei•added 2 days ago•21 views

OEcms 3.1 - Cross-Site Scripting

OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. id: CVE-2018-12095 info: name: OEcms 3.1 - Cross-Site Scripting author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of...

5.4CVSS5.9AI score0.05103EPSS

Exploits5References5

Nuclei•added 2 days ago•22 views

LG-Ericsson iPECS NMS 30M - Local File Inclusion

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...

7.5CVSS7.1AI score0.12851EPSS

Exploits0References4

Nuclei•added 2 days ago•25 views

Monstra CMS <=3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.7AI score0.04754EPSS

Exploits1References5

Nuclei•added 2 days ago•35 views

Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion

A directory traversal vulnerability in the givesight PowerMail Pro compowermail component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1532 info: name: Joomla!...

5CVSS6.1AI score0.1633EPSS

Exploits2References4

Nuclei•added 2 days ago•43 views

WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)

A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F encoded dot dot sequences in the url parameter. id: CVE-2011-1669 info: name: WP Custom Pages 0.5.0.1 - Local File Inclusion LFI...

5CVSS6.1AI score0.22157EPSS

Exploits1References5

Nuclei•added 2 days ago•33 views

Joomla! Component Music Manager - Local File Inclusion

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...

6.8CVSS6.1AI score0.04848EPSS

Exploits1References5

Nuclei•added 2 days ago•21 views

Joomla! Component Love Factory 1.3.4 - Local File Inclusion

A directory traversal vulnerability in the Love Factory comlovefactory component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1957 info: name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion...

7.5CVSS6AI score0.14847EPSS

Exploits1References5

Nuclei•added 2 days ago•22 views

Joomla! Component Canteen 1.0 - Local File Inclusion

A SQL injection vulnerability in menu.php in the Canteen comcanteen component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. id: CVE-2010-4977 info: name: Joomla! Component Canteen 1.0 - Local File Inclusion author: daffainfo...

7.5CVSS6.3AI score0.15251EPSS

Exploits1References5

Nuclei•added 2 days ago•19 views

Microstrategy Web 7 - Cross-Site Scripting

Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. id: CVE-2018-18775 info: name: Microstrategy Web 7 - Cross-Site Scripting author: 0xAkoko severity: medium description: Microstrategy Web 7 does not...

6.1CVSS6.2AI score0.06555EPSS

Exploits5References4

Nuclei•added 2 days ago•18 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

7.5CVSS7.1AI score0.21EPSS

Exploits2References5

Nuclei•added 2 days ago•17 views

PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...

9.8CVSS6.8AI score0.15652EPSS

Exploits1References4

Nuclei•added 2 days ago•33 views

Acrolinx Server <5.2.5 - Local File Inclusion

Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. id: CVE-2018-7719 info: name: Acrolinx Server 5.2.5 - Local File Inclusion author: 0xakoko severity: high description: | Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability. impact: |...

7.5CVSS7.1AI score0.46312EPSS

Exploits3References5

Nuclei•added 2 days ago•31 views

DomainMOD <=4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the assets/edit/host.php Web Host Name or Web Host URL field. id: CVE-2018-19915 info: name: DomainMOD =4.11.02 to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/87 -...

4.8CVSS6.1AI score0.04008EPSS

Exploits5References5

Nuclei•added 2 days ago•87 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7.4AI score0.59552EPSS

Exploits6References4

Nuclei•added 2 days ago•21 views

WordPress RobotCPA 5 - Directory Traversal

The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. id: CVE-2015-9480 info: name: WordPress RobotCPA 5 - Directory Traversal author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter...

7.5CVSS7.2AI score0.12574EPSS

Exploits2References3

Nuclei•added 2 days ago•25 views

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

4.3CVSS5.9AI score0.1404EPSS

Exploits1References4

Nuclei•added 2 days ago•31 views

WordPress Sniplets 1.1.2 - Local File Inclusion

PHP remote file inclusion vulnerability in modules/syntaxhighlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. id: CVE-2008-1059 info: name: WordPress Sniplets 1.1.2 - Local File Inclusion autho...

7.5CVSS6.2AI score0.48329EPSS

Exploits2References5

Nuclei•added 2 days ago•40 views

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion

Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. id: CVE-2017-15363 info: name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local...

7.5CVSS7.3AI score0.13649EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by