Lucene search
K

87 matches found

Prion
Prion
added 2017/02/14 6:59 a.m.11 views

Design/Logic Flaw

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in...

3.5CVSS7.3AI score0.0051EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/02/12 4:59 a.m.13 views

CVE-2017-5961

An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tinymce/plugins/codemirror/dialog.php" URL. An attacker could execu...

6.1CVSS6.4AI score0.00985EPSS
Exploits1References2
Prion
Prion
added 2017/02/10 7:59 a.m.16 views

Authorization

An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodllaudiourl" HTTP GET parameter passed to the "filterpoodllmoodle322016112802/poodll/mp3recorderskins/brazil/index.php" URL. An...

4.3CVSS6.4AI score0.00874EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2016/04/04 3:35 p.m.32 views

Moderate: Red Hat Security Advisory: spacewalk-java security update

An update for spacewalk-java is now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

6.1CVSS6.2AI score0.01578EPSS
Exploits0References10
Exploit DB
Exploit DB
added 2016/01/15 12:0 a.m.96 views

mcart.xls Bitrix Module 6.5.2 - SQL Injection

Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosure: January 13, 2016 Vulnerabilit...

8CVSS7.9AI score0.02731EPSS
Exploits5
htbridge
htbridge
added 2015/05/06 12:0 a.m.508 views

Local PHP File Inclusion in ResourceSpace

High-Tech Bridge Security Research Lab discovered vulnerability in ResourceSpace, which can be exploited to include arbitrary local PHP file, execute PHP code, and compromise vulnerable web application and even entire web server on which the application is hosted. The vulnerability exists due to...

7.6CVSS6.5AI score0.08083EPSS
Exploits3Affected Software1
Packet Storm
Packet Storm
added 2014/12/17 12:0 a.m.85 views

Revive Adserver 3.0.5 Cross Site Scripting

Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...

4.3CVSS6.5AI score0.02309EPSS
Exploits3
WPVulnDB
WPVulnDB
added 2014/12/07 12:0 a.m.26 views

ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)

The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. PoC http://www.example.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php...

0.9AI score
Exploits0References2Affected Software1
htbridge
htbridge
added 2014/09/17 12:0 a.m.53 views

Two XSS in Contact Form DB WordPress plugin

High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin installed. 1 Two Cross-Site Scripting XSS...

2.6CVSS0.1AI score0.02041EPSS
Exploits3Affected Software1
htbridge
htbridge
added 2014/08/06 12:0 a.m.47 views

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

High-Tech Bridge Security Research Lab discovered two vulnerabilities in Forma Lms, which can be exploited to perform Cross-Site Scripting XSS attacks against vulnerable website. 1 Reflected Cross-Site Scripting XSS in Forma Lms: CVE-2014-5257 1.1 The vulnerability exists due to insufficient...

4.3CVSS6.2AI score0.01891EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2014/07/10 12:0 a.m.14 views

WordPress Game-Tabs plugin 'n' Parameter Cross Site Scripting Vulnerability

WordPress Game-Tabs Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS5.7AI score0.01629EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Apache JackRabbit 2.0.0 webapp XPath Injection

No description provided by source. Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Asn Guestbook 1.5 - header.php version Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14356/info Asn Guestbook is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issu...

7.1AI score
Exploits0
htbridge
htbridge
added 2014/02/06 12:0 a.m.45 views

Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in VideoWhisper Live Streaming Integration, which can be exploited to execute arbitrary code on the target system, gain access to potentially sensitive data, perform Cross-Site Scripting XSS attacks against users of...

9.3CVSS0.7AI score0.1093EPSS
Exploits12Affected Software1
htbridge
htbridge
added 2014/01/30 12:0 a.m.141 views

SQL Injection in AdRotate

High-Tech Bridge Security Research Lab discovered vulnerability in AdRotate, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in AdRotate: CVE-2014-1854 The vulnerability exists due to insufficient validation of "track" HTTP GET parameter passed to...

7.5CVSS1.5AI score0.05412EPSS
Exploits7Affected Software1
htbridge
htbridge
added 2013/12/05 12:0 a.m.42 views

Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin

High-Tech Bridge Security Research Lab discovered vulnerability in Ad-minister Wordpress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Ad-minister Wordpress plugin: CVE-2013-6993 The vulnerability exists due to insufficient sanitisation ...

2.6CVSS0.3AI score0.02023EPSS
Exploits4Affected Software1
0day.today
0day.today
added 2013/11/27 12:0 a.m.65 views

Dokeos 2.2 RC2 SQL Injection Vulnerability

Dokeos version 2.2 RC2 suffers from a remote SQL injection vulnerability. Vendor: Dokeos Vulnerable Versions: 2.2 RC2 and probably prior Tested Version: 2.2 RC2 Advisory Publication: October 30, 2013 without technical details Vendor Notification: October 30, 2013 Public Disclosure: November 27,...

7.5CVSS7.6AI score0.02279EPSS
Exploits6
htbridge
htbridge
added 2013/10/02 12:0 a.m.59 views

Cross-Site Scripting (XSS) in GuppY

High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in GuppY, which can be exploited to perform Cross-Site Scripting attacks against users of vulnerable application. 1 Cross-Site Scripting XSS in GuppY: CVE-2013-5983 1.1 The vulnerability exists due to insufficient...

4.3CVSS5.6AI score0.02177EPSS
Exploits1Affected Software1
Exploit DB
Exploit DB
added 2013/08/02 12:0 a.m.43 views

Cotonti 0.9.13 - SQL Injection

Advisory ID: HTB23164 Product: Cotonti Vendor: Cotonti Team Vulnerable Versions: 0.9.13 and probably prior Tested Version: 0.9.13 Vendor Notification: July 10, 2013 Vendor Patch: July 17, 2013 Public Disclosure: July 31, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2013-4789...

7.5CVSS7AI score0.02624EPSS
Exploits5
htbridge
htbridge
added 2013/04/10 12:0 a.m.37 views

SQL Injection in b2evolution

High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in b2evolution, which can be exploited to alter SQL requests passed to the vulnerable application's database. 1 SQL Injection in b2evolution: CVE-2013-2945 The vulnerability exists due to insufficient validation of HTTP...

5.1CVSS0.7AI score0.02771EPSS
Exploits5Affected Software1
Rows per page
Query Builder