Lucene search
K

58 matches found

Packet Storm
Packet Storm
added 2019/02/02 12:0 a.m.498 views

SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting

Issue: Reflected Cross-Site Scripting CVE: CVE-2018-19934 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: Serv-U 15.1.6 hotfix 3 Overview The Serv-U FTP Server is vulnerable to a...

5.3AI score0.05525EPSS
Exploits3
0day.today
0day.today
added 2019/02/02 12:0 a.m.69 views

SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting Vulnerability

Exploit for windows platform in category web applications Issue: Reflected Cross-Site Scripting CVE: CVE-2018-19934 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: Serv-U 15.1.6...

5.7AI score0.05525EPSS
Exploits3
0day.today
0day.today
added 2018/05/18 12:0 a.m.153 views

Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution', 'Description' = %q This...

7.5CVSS9.6AI score0.98931EPSS
Exploits19
Exploit DB
Exploit DB
added 2017/10/22 12:0 a.m.59 views

WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)

Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress Polls plugin is a tool for creating polls and survey...

7.4AI score
Exploits0
Prion
Prion
added 2017/02/10 7:59 a.m.14 views

Authorization

An issue was discovered in IT ITems DataBase ITDB through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL. An attacker could execute...

4.3CVSS7.4AI score0.00836EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/02/10 7:59 a.m.13 views

CVE-2016-10216

An issue was discovered in IT ITems DataBase ITDB through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL. An attacker could execute...

6.1CVSS7.1AI score
Exploits0References1
Debian
Debian
added 2016/01/17 6:27 p.m.30 views

[SECURITY] [DLA 392-1] roundcube security update

Package : roundcube Version : 0.3.1-6+deb6u1 CVE ID : CVE-2015-8770 High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to...

7.5CVSS7.8AI score0.22212EPSS
Exploits5
ArchLinux
ArchLinux
added 2016/01/17 12:0 a.m.35 views

roundcubemail: remote code execution

High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server. The vulnerability exists du...

6CVSS1.7AI score0.22212EPSS
Exploits5References5
Packet Storm
Packet Storm
added 2015/12/11 12:0 a.m.61 views

bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion

Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...

9CVSS0.1AI score0.06631EPSS
Exploits5
htbridge
htbridge
added 2015/04/08 12:0 a.m.512 views

Multiple Vulnerabilities in TheCartPress WordPress plugin

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in TheCartPress WordPress plugin, which can be exploited to execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting attacks against users of WordPress installations with the vulnerable plugin....

7.6CVSS1.3AI score0.21674EPSS
Exploits8Affected Software1
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.72 views

SQL Injection in Е2

Advisory ID: HTB23222 Product: Е2 Vendor: Ilya Birman Vulnerable Versions: v2844 and probably prior Tested Version: v2844 Advisory Publication: July 2, 2014 without technical details Vendor Notification: July 2, 2014 Vendor Patch: July 3, 2014 Public Disclosure: July 23, 2014 Vulnerability Type:...

7.5CVSS0.3AI score0.02348EPSS
Exploits3
0day.today
0day.today
added 2014/04/10 12:0 a.m.37 views

csChat-R-Box Script Site Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications Exploit Title: "csChat-R-Box Script Site" Cross-Site Scripting XSS Google Dork: csChatRBox.cgi Date: 4/10/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link:...

7.1AI score
Exploits0
htbridge
htbridge
added 2014/02/06 12:0 a.m.45 views

Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in VideoWhisper Live Streaming Integration, which can be exploited to execute arbitrary code on the target system, gain access to potentially sensitive data, perform Cross-Site Scripting XSS attacks against users of...

9.3CVSS0.7AI score0.1093EPSS
Exploits12Affected Software1
htbridge
htbridge
added 2014/01/15 12:0 a.m.54 views

SQL Injection in doorGets CMS

High-Tech Bridge Security Research Lab discovered vulnerability in doorGets CMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in doorGets CMS: CVE-2014-1459 The vulnerability exists due to insufficient validation of "positiondownid" HTTP POST parameter passed to...

5.1CVSS8AI score0.02269EPSS
Exploits5Affected Software1
0day.today
0day.today
added 2013/12/12 12:0 a.m.37 views

InstantCMS 1.10.3 SQL Injection Vulnerability

InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability. Vendor: InstantSoft Vulnerable Versions: 1.10.3 and probably prior Tested Version: 1.10.3 Advisory Publication: November 20, 2013 without technical details Vendor Notification: November 20, 2013 Vendor Patch: November 21...

7.5CVSS7.5AI score0.01299EPSS
Exploits7
0day.today
0day.today
added 2013/12/03 12:0 a.m.93 views

Chamilo LMS 1.9.6 (profile.php, password0 param) - SQL Injection Vulnerability

Exploit for php platform in category web applications High-Tech Bridge Security Research Lab discovered vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Chamilo LMS: CVE-2013-6787 The vulnerability exists due to insufficient validation of...

6CVSS6.5AI score0.02739EPSS
Exploits6
htbridge
htbridge
added 2010/11/30 12:0 a.m.22 views

Multiple Vulnerabilities in BEdita

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BEdita which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in BEdita The vulnerability exists due to input sanitation error in...

5.1CVSS7AI score
Exploits0Affected Software1
NVD
NVD
added 2006/12/27 11:28 p.m.16 views

CVE-2006-6773

pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the isadmin HTTP POST parameter to 1...

7.5CVSS6.8AI score0.02426EPSS
Exploits1References5
Rows per page
Query Builder