Lucene search
+L

284 matches found

WPVulnDB
WPVulnDB
added 2024/01/19 12:0 a.m.14 views

Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page

Description The Frontpage Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'adminpage' function. This makes it possible for unauthenticated attackers to change the plugin's...

8.8CVSS6.2AI score0.00237EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/01/16 12:0 a.m.11 views

WordPress Frontpage Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Frontpage Manager Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-22285 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1f9d9fab7402 Credits Dimas Maulana Require...

8.8CVSS6.6AI score0.00237EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2024/01/12 12:0 a.m.27 views

Microsoft Office Code Execution Vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

7.8CVSS7.9AI score0.0326EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.18 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

7.8CVSS8AI score0.0326EPSS
Exploits0References3
CNVD
CNVD
added 2023/11/16 12:0 a.m.32 views

Microsoft Office Graphics Code Execution Vulnerability

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Common components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code execution vulnerability exists in Microsoft Office Graphics, which can be exploited by an...

7.8CVSS7.7AI score0.00979EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/09/25 5:8 p.m.103 views

U.S. Dept Of Defense: Information Disclosure FrontPage Configuration Information

An information disclosure vulnerability was discovered in the Microsoft FrontPage configuration of a subdomain. This vulnerability allowed an attacker to view the version number and scripting paths of Sharepoint using Firefox...

6.2AI score
Exploits0
CNVD
CNVD
added 2023/09/15 12:0 a.m.38 views

Microsoft Office Spoofing Vulnerability (CNVD-2024-02719)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, and so on. Microsoft Office has a spoofing vulnerability that can be exploited by attackers to conduct spoofing...

5.5CVSS6.5AI score0.0119EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/12 12:0 a.m.48 views

Microsoft Office Code Execution Vulnerability (CNVD-2024-02722)

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...

7.8CVSS7.9AI score0.01084EPSS
Exploits0References1
CNVD
CNVD
added 2022/12/19 12:0 a.m.57 views

Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89423)

Microsoft Office is an office software suite product of the United States Microsoft Corporation Microsoft. Common components of the product include Word, Excel, Access, Powerpoint, FrontPage, etc. A remote code execution vulnerability exists in Microsoft Office Graphics. An attacker could exploit...

7.8CVSS2.6AI score0.00784EPSS
Exploits0References1
NVD
NVD
added 2022/08/01 1:15 p.m.29 views

CVE-2022-2170

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

4.8CVSS0.01089EPSS
Exploits2References1
OSV
OSV
added 2022/08/01 1:15 p.m.8 views

CVE-2022-2170

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

4.8CVSS5.8AI score0.01089EPSS
Exploits2References1
Prion
Prion
added 2022/08/01 1:15 p.m.16 views

Cross site scripting

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

4.3CVSS4.5AI score0.01089EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/07 12:0 a.m.21 views

Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. PoC Put the followi...

4.8CVSS1.6AI score0.01089EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/02/10 12:0 a.m.15 views

Microsoft Office ClickToRun Remote Code Execution Vulnerability

Microsoft Office is an office software suite product from the United States Microsoft Corporation Microsoft. The product commonly used components include Word, Excel, Access, Powerpoint, FrontPage, etc. Microsoft Office ClickToRun there is a remote code execution vulnerability, there are no detai...

7.8CVSS3.1AI score0.02571EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.6 views

Microsoft Office 安全漏洞

Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A security vulnerability exists in Microsoft Office. The following products and versions are...

5.3CVSS6.8AI score0.01664EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/05/12 12:0 a.m.20 views

Microsoft FrontPage Insecure Extension Configuration

An information disclosure vulnerability is present on the remote server due to exposure of Microsoft FrontPage extensions configuration files in the vtipvt directory. No source data...

6.9AI score
Exploits0References1
Hacker One
Hacker One
added 2019/12/19 11:3 a.m.49 views

MTN Group: Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/

Hi there i found a information disclosure Microsoft FrontPage configuration in the subdomain https://www.mtn.co.za/ that allows me to see version number and scripting paths off sharepoint using firefox. POC: Go to the following url: https://www.mtn.co.za/vtiinf.html and you will see a blank page...

6.2AI score
Exploits0
CNVD
CNVD
added 2019/01/21 12:0 a.m.2 views

Multiple Vulnerabilities in Joomla FPSS Art Frontpage Slideshow Component

Joomla is an open source content management system CMS. Database disclosure, open redirection, and SQL injection vulnerabilities exist in the Joomla FPSS Art Frontpage Slideshow component. An attacker can exploit the vulnerabilities to obtain sensitive information...

7.9AI score
Exploits0References1
Packet Storm
Packet Storm
added 2019/01/20 12:0 a.m.97 views

Joomla FPSS Art Frontpage Slideshow 1.6.0 Database Disclose / SQL Injection

Exploit Title : Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 19/01/2019 Vendor Homepage : artetics.com Software Information Link :...

0.1AI score
Exploits0
Metasploit
Metasploit
added 2018/08/27 6:20 p.m.308 views

FrontPage .pwd File Credential Dump

This module downloads and parses the 'vtipvt/service.pwd', 'vtipvt/administrators.pwd', and 'vtipvt/authors.pwd' files on a FrontPage server to find credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

7.2AI score
Exploits0
Rows per page
Query Builder