167 matches found

NVD
added 2020/08/21 7:15 p.m. | 14 views

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

CVSS 6.5 | AI score 6.3 | EPSS 0.00146
Exploits: 1 | References: 2

CNVD
added 2020/06/22 12:0 a.m. | 5 views

Unnamed Vulnerability in GitLab (CNVD-2021-19411)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...

CVSS 5.3 | AI score 6.2 | EPSS 0.00177
Exploits: 0 | References: 1

OSV
added 2020/06/19 11:15 p.m. | 11 views

CVE-2020-13261

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...

CVSS 2.7 | AI score 6.5 | EPSS 0.00177
Exploits: 0 | References: 3

UbuntuCve
added 2020/06/19 11:15 p.m. | 23 views

CVE-2020-13261

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...

CVSS 5.3 | AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 4

CVE
added 2020/06/19 10:11 p.m. | 73 views

CVE-2020-13261

CVE-2020-13261 affects GitLab CE/EE 12.6 through 13.0.1, where Amazon EKS credentials can be disclosed to other administrators via HTML source code. Connected sources confirm the vulnerability and affected ranges, but do not provide concrete exploit steps or a published remediation version. The i...

CVSS 5.3 | AI score 3.6 | EPSS 0.00177
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/06/19 10:11 p.m. | 11 views

CVE-2020-13261

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code...

CVSS 5.3 | AI score 5 | EPSS 0.00177
Exploits: 0 | References: 3

Debian CVE
added 2020/06/19 10:11 p.m. | 24 views

CVE-2020-13261

Removed by vendor...

CVSS 5.3 | AI score 5.8 | EPSS 0.00177
Exploits: 0

Packet Storm
added 2020/05/08 12:0 a.m. | 128 views

WebTareas 2.0p8 Cross Site Scripting

Exploit Title: WebTareas v2.0p8 - Login Portal - Reflected Cross Site Scripting XSS Exploit Author: Bobby Cooke Date: May 7th, 2020 Vendor Homepage: http://webtareas.sf.net/ Software Link: https://sourceforge.net/projects/webtareas/files/2.0p8/webTareas-v2.0p8.zip/download Version: v2.0p8 Tested...

AI score 7.4
Exploits: 0

NVD
added 2020/03/19 6:15 p.m. | 10 views

CVE-2019-15653

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double md5 of the plaintext real...

CVSS 7.5 | AI score 7.8 | EPSS 0.00805
Exploits: 1 | References: 2

Prion
added 2020/03/19 6:15 p.m. | 10 views

Design/Logic Flaw

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double md5 of the plaintext real...

CVSS 5 | AI score 7.7 | EPSS 0.00805
Exploits: 1 | References: 2

NVD
added 2020/02/16 9:15 p.m. | 13 views

CVE-2020-9013

Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...

CVSS 4.3 | AI score 4.6 | EPSS 0.00226
Exploits: 1 | References: 3

Prion
added 2020/02/16 9:15 p.m. | 8 views

Code injection

Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...

CVSS 4 | AI score 4.7 | EPSS 0.00226
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2020/01/08 6:15 a.m. | 8 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

CVSS 9.8 | AI score 9.6 | EPSS 0.09768
Exploits: 5 | References: 2

Prion
added 2020/01/08 6:15 a.m. | 9 views

Authentication flaw

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

CVSS 5 | AI score 9.6 | EPSS 0.09768
Exploits: 5 | References: 2 | Affected Software: 1

Cvelist
added 2020/01/08 5:30 a.m. | 11 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

AI score 9.7 | EPSS 0.09768
Exploits: 5 | References: 2

CVE
added 2020/01/08 5:30 a.m. | 130 views

CVE-2020-6170

CVE-2020-6170 affects Genexis Platinum-4410 v2.1 (Firmware P4410-V2–1.28). The issue is an authentication bypass that allows an attacker to obtain cleartext credentials from the HTML source of the cgi-bin/index2.asp page. Publicly visible exploitation exists (e.g., Exploit-DB, PacketStorm) illust...

CVSS 9.8 | AI score 9.6 | EPSS 0.09768
Exploits: 5 | References: 2 | Affected Software: 1

Prion
added 2020/01/07 7:15 p.m. | 7 views

Information disclosure

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code...

CVSS 4 | AI score 6.4 | EPSS 0.00237
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/09/14 4:15 p.m. | 10 views

CVE-2019-16313

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...

CVSS 7.5 | AI score 7.4 | EPSS 0.93999
Exploits: 3 | References: 1

Prion
added 2019/09/14 4:15 p.m. | 13 views

Design/Logic Flaw

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...

CVSS 5 | AI score 7.4 | EPSS 0.93999
Exploits: 3 | References: 1 | Affected Software: 5

Cvelist
added 2019/09/14 3:22 p.m. | 16 views

CVE-2019-16313

ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...

AI score 7.4 | EPSS 0.93999
Exploits: 3 | References: 1