CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8163 matches found

CNVD•added 2015/04/23 12:0 a.m.•2 views

Multiple Cross-Site Scripting Vulnerabilities in SearchBlox

SearchBlox is the U.S. SearchBlox company a set of open source and free of charge based on Lucene full-text search engine toolkit to build enterprise search and analytics solutions. The program provides a Web-based management interface , you can manage the entire search system . A cross-site...

4.3CVSS6.1AI score0.01287EPSS

Exploits0References1

Packet Storm•added 2015/04/21 12:0 a.m.•36 views

WordPress NEX-Forms 3.0 SQL Injection

Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/ Software Link :...

Exploits0

WPVulnDB•added 2015/04/21 12:0 a.m.•9 views

NEX-Forms - Ultimate Form builder <= 3.0 - SQL Injection

The NEX-Forms – Ultimate Form Builder – Contact forms and much more WordPress plugin was affected by an Ultimate Form builder = 3.0 - SQL Injection security vulnerability...

1.9AI score

Exploits0References4Affected Software1

Patchstack•added 2015/04/21 12:0 a.m.•11 views

WordPress NEX-Forms <= 2.9 - SQL Injection

This WordPress NEX-Forms plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...

4AI score

Exploits0References1Affected Software1

0day.today•added 2015/04/21 12:0 a.m.•21 views

Wordpress NEX-Forms 3.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...

7.1AI score

Exploits0

exploitpack•added 2015/04/21 12:0 a.m.•19 views

WordPress Plugin NEX-Forms 3.0 - SQL Injection

WordPress Plugin NEX-Forms 3.0 - SQL Injection Exploit Title : NEX-Forms 3.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage :...

0.4AI score

Exploits0

Packet Storm•added 2015/04/21 12:0 a.m.•48 views

WordPress NEX-Forms 3.0 SQL Injection

AUTOR SCRIPT: Cleiton Pinheiro / Nick: googleINURL Exploit name: MINI 3xplo1t-SqlMap - WordPress NEX-Forms 3.0 SQL Injection Vulnerability Type: SQL Injection Email: [email protected] Blog: http://blog.inurl.com.br Twitter: https://twitter.com/googleinurl Fanpage: https://fb.com/InurlBrasil...

7.4AI score

Exploits0

Exploit DB•added 2015/04/21 12:0 a.m.•26 views

WordPress Plugin NEX-Forms < 3.0 - SQL Injection

7.4AI score

Exploits0

Patchstack•added 2015/04/20 12:0 a.m.•15 views

WordPress Gravity Forms Plugin <= 1.9.6 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update the plugin to the latest version...

2.1AI score

Exploits0References1Affected Software1

Tenable Nessus•added 2015/04/20 12:0 a.m.•21 views

Moodle 1.9.x < 1.9.14 Multiple Vulnerabilities

Binary data 8711.prm...

6.8CVSS6.8AI score0.02102EPSS

Exploits0References9

WPVulnDB•added 2015/04/20 12:0 a.m.•11 views

Ninja Forms <= 2.9.10 - Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

1.4AI score

Exploits0References1Affected Software1

Tenable Nessus•added 2015/04/20 12:0 a.m.•21 views

Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities

Binary data 8713.prm...

6.8CVSS6.7AI score0.02118EPSS

Exploits0References13

Cvelist•added 2015/04/15 10:0 a.m.•22 views

CVE-2015-0698

Multiple cross-site scripting XSS vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance WSA devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213...

5.8AI score0.01546EPSS

Exploits0References2

Packet Storm•added 2015/03/24 12:0 a.m.•37 views

Wordpress InfusionSoft Shell Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress InfusionSoft Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the WordPress...

7.5CVSS6.5AI score0.46174EPSS

Exploits8

Metasploit•added 2015/03/23 7:15 a.m.•22 views

Wordpress InfusionSoft Upload Vulnerability

This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5CVSS7.1AI score0.46174EPSS

Exploits8

Cent OS•added 2015/03/19 7:31 p.m.•78 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2015:0642 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

7.5CVSS7.2AI score0.04359EPSS

Exploits0References7

Patchstack•added 2015/03/18 12:0 a.m.•7 views

WordPress Live Forms Plugin <= 3.0.1 - Blind SQL Injection

Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution Update the plugin...

5.9AI score

Exploits0References1Affected Software1

WPVulnDB•added 2015/03/18 12:0 a.m.•22 views

Live Forms - Visual Form Builder 3.0.1 - Blind SQL Injection

The AJAX action ‘getreqlist’ is available to all logged in users. The parameter ‘ipp’ sent to this action is vulnerable to Blind MySQL Injection. This can be leveraged by detecting how long a query takes to return...

7.5CVSS2.6AI score0.01869EPSS

Exploits0References1Affected Software1

Patchstack•added 2015/03/17 12:0 a.m.•5 views

WordPress Gravity Forms Plugin <= 1.9.3.5 - SQL Injection

This plugin is prone to an SQL injection vulnerability, because the sortcolumn GET parameter is not sufficiently sanitised before being used within an SQL query. Solution Update the plugin...

2.4AI score

Exploits0References1Affected Software1

WPVulnDB•added 2015/03/17 12:0 a.m.•21 views

Gravity Forms 1.8 <= 1.9.3.5 - Authenticated Blind SQL Injection

Title: Gravity Forms 1.8 = 1.9.3.5 - Blind SQL Injection CVE-2015-2260 Version/s Tested: 1.9.3.1 Description: Gravity Forms is one of the most popular WordPress plugins gravityforms used to create forms for WordPress sites. The latest version at the time of writing 1.9.3.5 contains an authenticat...

8.4AI score0.05826EPSS

Exploits3References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by