Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:11 p.m.26 views

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp password parameter. This issue was fixed in version 4.4.2...

6.1CVSS4.5AI score0.00906EPSS
Exploits1References3Affected Software1
wpexploit
wpexploit
added 2021/06/24 12:0 a.m.1459 views

ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload

The plugin contained a PHP file, allowing unauthenticated users to upload an arbitrary file anywhere on the web server. Note WPScanTeam: It's unclear which version fixed the issue exactly, however we were able to confirm the issue on version as high as v5.96 and that the related file has been...

0.4AI score
Exploits0
NVD
NVD
added 2020/03/30 10:15 p.m.22 views

CVE-2020-5284

Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory .next. This does not affect files outside of the dist directory .next. In general, the dist directory only holds build assets unless your applicatio...

5CVSS4.3AI score0.43426EPSS
Exploits0References2
NVD
NVD
added 2019/02/04 9:29 p.m.24 views

CVE-2019-1000005

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim...

8.8CVSS8.7AI score0.02101EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Microweber 0.905 - Error Based SQL Injection

No description provided by source. =============================================================================== | | / / / / / / // / / -/ - / // / / / / // / ////,//////,// ///, / // team PUBLIC SECURITY ADVISORY | |...

7.1AI score
Exploits0
Rows per page
Query Builder