Lucene search

8692 matches found

OSV
added 2018/05/25 12:29 p.m., 4 views

UBUNTU-CVE-2018-1135

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...

CVSS 6.5 | AI score 7.3 | EPSS 0.01201
Exploits 0 | References 3
CNVD
added 2018/05/17 12:0 a.m., 4 views

Intelbras NCLOUD 300 Denial of Service Vulnerability

Intelbras NCLOUD 300 is a wireless router device from Intelbras, Brazil. A security vulnerability exists in Intelbras NCLOUD 300 version 1.0, which stems from the program failing to require authentication. An attacker can exploit the vulnerability by sending requests to /cgi-bin/ExportSettings.sh...

CVSS 10 | AI score 6.7 | EPSS 0.35573
Exploits 5 | References 1
CNVD
added 2018/05/17 12:0 a.m., 4 views

OpenFire User Import Export Plugin XML External Entity Injection Vulnerability

OpenFire is an open source real-time collaboration (RTC) server. The User Import Export Plugin is a plugin that provides the ability to import and export Openfire user data through the management console. An XML external entity injection vulnerability exists in the OpenFire User Import Export Plugin version...

CVSS 8.1 | AI score 8.2 | EPSS 0.00933
Exploits 1 | References 1
OSV
added 2018/05/15 7:29 p.m., 4 views

CVE-2018-11094

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and...

CVSS 9.8 | AI score 5.8 | EPSS 0.35573
Exploits 5 | References 2
Prion
added 2018/05/15 5:29 p.m., 11 views

Design/Logic Flaw

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

CVSS 5.5 | AI score 7.8 | EPSS 0.00933
Exploits 1 | References 1 | Affected Software 1
NVD
added 2018/05/15 5:29 p.m., 21 views

CVE-2017-2815

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

CVSS 8.1 | AI score 8 | EPSS 0.00933
Exploits 1 | References 1
OSV
added 2018/05/15 5:29 p.m., 2 views

CVE-2017-2815

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

CVSS 8.1 | AI score 5.9 | EPSS 0.00933
Exploits 1 | References 1
Cvelist
added 2018/05/15 5:0 p.m., 26 views

CVE-2017-2815

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

CVSS 8.1 | AI score 8 | EPSS 0.00933
Exploits 1 | References 1
CVE
added 2018/05/15 5:0 p.m., 61 views

CVE-2017-2815

OpenFire User Import Export Plugin 2.6.0 is vulnerable to XML External Entity (XXE) injection (CVE-2017-2815). An authenticated attacker can send a crafted request to trigger XXE, enabling retrieval of arbitrary files or causing a Denial of Service. Affected component: OpenFire User Import Export...

CVSS 8.1 | AI score 7.9 | EPSS 0.00933
Exploits 1 | References 1 | Affected Software 1
CNVD
added 2018/05/15 12:0 a.m., 1 views

SQL Injection Vulnerability in Longcai Technology Cms

Longcai Technology Group is a high-tech enterprise with website construction, network promotion, network engineering construction, software development, computer maintenance and multimedia video production as its main business. Longcai Technology Cms has a SQL injection vulnerability. Attackers c...

AI score 8
Exploits 0 | References 1
CNVD
added 2018/05/15 12:0 a.m., 1 views

SQL Injection Vulnerability in Guangzhou Lianxiang Cms

Guangzhou Lianxiang Information Technology Co., Ltd. is an e-commerce Internet enterprise that specializes in website construction, micro letter development and website development. Guangzhou Lianxiang CMS has a SQL injection vulnerability. Attackers can use the vulnerability to perform malicious...

AI score 8
Exploits 0
CNVD
added 2018/05/09 12:0 a.m., 2 views

Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2018-10966)

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, etc. Outside In Technology is one of the software development kit components. A securi...

CVSS 7.1 | AI score 6.8 | EPSS 0.0224
Exploits 0 | References 1
exploitpack
added 2018/05/06 12:0 a.m., 11 views

HWiNFO 5.82-3410 - Denial of Service

HWiNFO 5.82-3410 - Denial of Service !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: HWiNFO 5.82-3410 - Denial of Service Date: 05-04-18 Vulnerable Software: HWiNFO 5.82-3410 Vendor Homepage: https://www.hwinfo.com/ Version: 5.82-3410 Software Link:...

AI score 0.1
Exploits 0
Patchstack
added 2018/04/29 12:0 a.m., 11 views

WordPress Woo Import Export 1.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability found by Lenon Leite in WordPress Woo Import Export version 1.0. Solution: This plugin was closed on 26th January 2018 and is no longer available for download. Reason: Security Issue. Deactivate and uninstall...

AI score 3.7
Exploits 0 | References 1 | Affected Software 1
NVD
added 2018/04/27 4:29 p.m., 14 views

CVE-2014-2552

Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...

CVSS 9.8 | AI score 9.6 | EPSS 0.03754
Exploits 0 | References 3
Prion
added 2018/04/27 4:29 p.m., 13 views

Code injection

Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...

CVSS 7.5 | AI score 7.4 | EPSS 0.03754
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2018/04/27 4:0 p.m., 16 views

CVE-2014-2552

Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...

AI score 9.7 | EPSS 0.03754
Exploits 0 | References 3
CVE
added 2018/04/27 4:0 p.m., 34 views

CVE-2014-2552

The CVE-2014-2552 entry concerns Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0, which is described as not properly restricting access to sensitive data. The incident is exploitable remotely with network access and requires no authentication, enabling partial...

CVSS 9.8 | AI score 9.4 | EPSS 0.03754
Exploits 0 | References 3 | Affected Software 1
Fedora
added 2018/04/27 4:19 a.m., 15 views

[SECURITY] Fedora 28 Update: phpMyAdmin-4.8.0.1-1.fc28

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

AI score 1.3
Exploits 0
CNVD
added 2018/04/27 12:0 a.m., 4 views

Vaultize Enterprise File Sharing Information Disclosure Vulnerability

Vaultize Enterprise File Sharing is an enterprise file sharing solution from Vaultize Technologies, USA. The solution includes features such as data retention management, versioning, secure data handling, data backup and recovery. A security vulnerability exists in Vaultize Enterprise File Sharin...

CVSS 5.3 | AI score 6.9 | EPSS 0.01055
Exploits 0 | References 1