116 matches found

Openbugbounty
added 2019/10/02 11:40 p.m., 10 views

a.tvn.pl Cross Site Scripting vulnerability

Security Researcher logindenied (helped patch 7927 vulnerabilities, received 8 Coordinated Disclosure badges, received 76 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting a.tvn.pl website and its users. Following coordinated...

6.5 AI score
Exploits: 0
Openbugbounty
added 2019/03/19 6:46 p.m., 5 views

cutt.us Cross Site Scripting vulnerability OBB-775618

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: cutt.us. Open Bug Bounty Program...

6.3 AI score
Exploits: 0
Openbugbounty
added 2018/05/02 10:44 a.m., 7 views

aeiou.pt Cross Site Scripting vulnerability OBB-611055

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: aeiou.pt. Open Bug Bounty...

6.3 AI score
Exploits: 0
Prion
added 2017/06/27 5:29 p.m., 55 views

Code injection

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

7.5 CVSS, 7.9 AI score, 0.99999 EPSS
Exploits: 19, References: 7, Affected Software: 2
OSV
added 2017/06/27 5:29 p.m., 49 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

9.8 CVSS, 7.8 AI score, 0.99999 EPSS
Exploits: 19, References: 8
Cvelist
added 2017/06/27 5:0 p.m., 33 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

9.8 AI score, 0.99999 EPSS
Exploits: 19, References: 7
Prion
added 2017/04/25 8:59 p.m., 15 views

Remote code execution

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...

9 CVSS, 9.8 AI score, 0.36338 EPSS
Exploits: 2, References: 1, Affected Software: 2
Prion
added 2015/09/21 7:59 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data...

2.6 CVSS, 6.2 AI score, 0.00913 EPSS
Exploits: 0, References: 2, Affected Software: 1
seebug.org
added 2015/09/11 12:0 a.m., 54 views

FineCms free edition arbitrary file upload vulnerability

Path: dayrui/libraries/Chart/ofcuploadimage.php $defaultpath = '../tmp-upload-images/'; if (!file_exists($defaultpath)) mkdir($defaultpath, 0777, true); $destination = $defaultpath . basename($_GET['name']); echo 'Saving your image to: '. $destination; $jfh = fopen($destination, 'w') or die("can't open file");...

7 AI score
Exploits: 0
OSV
added 2014/11/15 8:59 p.m., 6 views

CVE-2014-3707

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information...

4.3 CVSS, 6.2 AI score, 0.05121 EPSS
Exploits: 0, References: 14
Positive Technologies
added 2014/04/09 12:0 a.m., 5 views

PT-2014-1326 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions 8.2 before 8.2(5.47); Cisco Adaptive Security Appliance (ASA) Software versions 8.3 before 8.3(2.40); Cisco Adaptive Security Appliance (ASA) Software versions 8.4 before 8.4(7.3); Cisco Adaptive...

5 CVSS, 9.3 AI score, 0.01906 EPSS
Exploits: 0, References: 6
NVD
added 2013/12/30 4:53 a.m., 18 views

CVE-2013-5220

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data...

6.1 CVSS, 6.5 AI score, 0.04743 EPSS
Exploits: 6, References: 2
Prion
added 2013/12/30 4:53 a.m., 20 views

Code injection

goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data...

6.1 CVSS, 7 AI score, 0.04743 EPSS
Exploits: 6, References: 2, Affected Software: 1
OSV
added 2007/08/07 10:17 a.m., 4 views

DEBIAN-CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...

5.8 CVSS, 7.2 AI score, 0.0621 EPSS
Exploits: 0, References: 1
Cvelist
added 2007/08/07 10:0 a.m., 26 views

CVE-2007-4174

Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid...

6.6 AI score, 0.0621 EPSS
Exploits: 0, References: 9
Exploit DB
added 2005/06/30 12:0 a.m., 59 views

WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection

!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...

7.4 AI score
Exploits: 0