Lucene search
K

54 matches found

Cvelist
Cvelist
added 2015/12/16 9:0 p.m.37 views

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...

7.9AI score0.98283EPSS
Exploits16References9
NVD
NVD
added 2015/04/14 2:59 p.m.20 views

CVE-2015-2926

Cross-site scripting XSS vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php...

4.3CVSS5.7AI score0.01906EPSS
Exploits2References3
NVD
NVD
added 2015/01/02 8:59 p.m.22 views

CVE-2014-9453

Multiple cross-site scripting XSS vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP User-Agent or 2 HTTP Referer header...

4.3CVSS5.9AI score0.01633EPSS
Exploits1References2
Cvelist
Cvelist
added 2015/01/02 8:0 p.m.27 views

CVE-2014-9453

Multiple cross-site scripting XSS vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 HTTP User-Agent or 2 HTTP Referer header...

5.9AI score0.01633EPSS
Exploits1References2
Prion
Prion
added 2014/12/24 11:59 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Web UI in IBM WebSphere Service Registry and Repository WSRR 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...

3.5CVSS5.5AI score0.01417EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/12/24 11:0 a.m.26 views

CVE-2014-6180

Cross-site scripting XSS vulnerability in the Web UI in IBM WebSphere Service Registry and Repository WSRR 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...

5.1AI score0.01417EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/06/02 12:0 a.m.19 views

CmsEasy最新版本前台SQL注射 (2)

简要描述: 这几天在尝试做一款PHP源码审计工具,匹配一些初步的规则时扫出来的,并非针对,感谢CmsEasy 详细说明: 还是INSERT注入,/index.php下有一个stats::getbot;这个方法在做什么呐? /lib/table/stats.php public static function getbot $ServerName = $SERVER"SERVERNAME"; $ServerPort = $SERVER"SERVERPORT"; $ScriptName = $SERVER"SCRIPTNAME"; $QueryString =...

7.1AI score
Exploits0
NVD
NVD
added 2013/01/24 9:55 p.m.25 views

CVE-2013-1104

The HTTP Profiling functionality on Cisco Wireless LAN Controller WLC devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636...

9CVSS7.3AI score0.03727EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2012/03/05 12:0 a.m.23 views

ZB Block Cross Site Scripting

-------------------------------------------------------------------------------------------------------------------- Vulnerable Software: // ZAPHOD BREEBLEBROX'S BLOCKER A.K.A. ZB BLOCK // VERSION 0.4.9 Final "Jaguar" 0.4.9Final Developed by HTTP://WWW.SPAMBOTSECURITY.COM...

0.1AI score
Exploits0
Nmap
Nmap
added 2011/08/23 6:29 a.m.739 views

http-joomla-brute NSE Script

Performs brute force password auditing against Joomla web CMS installations. This script initially reads the session cookie and parses the security token to perfom the brute force password auditing. It uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are...

10CVSS0.2AI score0.99448EPSS
Exploits33
Cvelist
Cvelist
added 2006/08/29 12:0 a.m.21 views

CVE-2006-4430

The Cisco Network Admission Control NAC 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access CCA Agent and bypass local and remote protection mechanisms by modifying 1 the HTTP User-Agent header or 2 the behavior of the TCP/IP stack. NOTE: the vendor has...

6.9AI score0.0191EPSS
Exploits0References8
Cvelist
Cvelist
added 2005/12/28 11:0 a.m.23 views

CVE-2005-4559

mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the defaultlayout and layoutsettings variables when an unrecognized HTTPUSERAGENT string is provided, which allows remote attackers to acce...

6.7AI score0.08596EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.6 views

HTTP 'User-Agent' Request Header Detection

Binary data 1735.prm...

7.3AI score
Exploits0
securityvulns
securityvulns
added 2004/03/10 12:0 a.m.82 views

[Full-Disclosure] Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue

-- Corsaire Security Advisory -- Title: Multiple vendor HTTP user agent cookie path traversal issue Date: 12.07.03 Application: Various Environment: Various Author: Martin O'Neal [email protected] Audience: Vendor notification Reference: c030712-001 -- Scope -- The aim of this document is...

7.5CVSS0.09768EPSS
Exploits5
Rows per page
Query Builder