Lucene search
K

222249 matches found

Nuclei
Nuclei
added yesterday58 views

Apache Solr DataImportHandler <8.2.0 - Remote Code Execution

Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug...

9CVSS7.3AI score0.83547EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday51 views

OEcms 3.1 - Cross-Site Scripting

OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. id: CVE-2018-12095 info: name: OEcms 3.1 - Cross-Site Scripting author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of...

5.4CVSS6.2AI score0.05634EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday59 views

L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting

L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter. id: CVE-2019-15501 info: name: L-Soft LISTSERV 16.5-2018a - Cross-Site Scripting author: LogicalHunter,arafatansari severity: medium description: | L-Soft LISTSERV befor...

6.1CVSS6.4AI score0.08182EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday52 views

Monstra CMS <=3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

6.1CVSS6.7AI score0.04754EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday38 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5CVSS7AI score0.39391EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday72 views

Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting

Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file. id: CVE-2018-19877 info: name: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting author: arafatansari severity: medium description: | Adiscon LogAnalyzer before 4.1.7...

6.1CVSS6.4AI score0.18563EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday47 views

LOYTEC LGATE-902 6.3.2 - Local File Inclusion

LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories including critical system files that are stored outside the root folder of the web application running on the device. This can be used to read...

7.8CVSS7AI score0.17982EPSS
Exploits3
Nuclei
Nuclei
added yesterday133 views

Carel pCOWeb <B1.2.4 - Cross-Site Scripting

Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pwsnmp.html "System contact" field. id: CVE-2019-11370 info: name: Carel pCOWeb B1.2.4 - Cross-Site Scripting author: arafatansari severity: medium description: | Carel pCOWeb prior to B1.2.4 ...

5.4CVSS6.2AI score0.03977EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday50 views

HotelDruid 2.3.0 - Cross-Site Scripting

HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mesefine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizzatabelle.php. id: CVE-2019-8937 info: name: HotelDruid 2.3.0 - Cross-Site Scripting author: LogicalHunte...

6.1CVSS6.4AI score0.1068EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday83 views

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...

6.1CVSS6.4AI score0.09836EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday49 views

DomainMOD <=4.13.0 - Cross-Site Scripting

DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters. id: CVE-2019-15811 info: name: DomainMOD =4.13.1 to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/47325 -...

6.1CVSS6.4AI score0.06395EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday49 views

LG-Ericsson iPECS NMS 30M - Local File Inclusion

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...

7.5CVSS7AI score0.12851EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday137 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7AI score0.58373EPSS
Exploits6References4
Nuclei
Nuclei
added yesterday68 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters. id: CVE-2018-19892 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripti...

4.8CVSS6.3AI score0.01514EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday74 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/category.php CatagoryName and StakeHolder parameters. id: CVE-2018-20011 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD through version...

4.8CVSS6.3AI score0.04428EPSS
Exploits6References4
Nuclei
Nuclei
added yesterday89 views

Yachtcontrol Webapplication 1.0 - Remote Command Injection

Yachtcontrol Webapplication 1.0 makes it possible to perform direct operating system commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and returning the results to the client. Affects Yachtcontrol webservers...

10CVSS7AI score0.58879EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday71 views

Atlassian Confluence Download Attachments - Remote Code Execution

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this pat...

9CVSS7.5AI score0.97153EPSS
Exploits10References5
Nuclei
Nuclei
added yesterday72 views

Nimble Streamer <=3.5.4-9 - Local File Inclusion

Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server. id: CVE-2019-11013 info: name: Nimble Streamer =3.5.4-9 - Local File Inclusion...

6.5CVSS6.7AI score0.23978EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday99 views

LiveZilla Server 8.0.1.0 - Cross-Site Scripting

LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. id: CVE-2019-12962 info: name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting author: Clment Cruchet severity: medium description: | LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. impact: |...

6.1CVSS6.6AI score0.09052EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday91 views

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

7.1CVSS6.8AI score0.02298EPSS
Exploits1References4
Rows per page
Query Builder