CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3711 matches found

Cvelist•added 2019/09/25 11:36 p.m.•25 views

CVE-2015-9416

The sitepress-multilingual-cms WPML plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header...

6.1AI score0.0102EPSS

Exploits1References2

FreeBSD•added 2019/09/25 12:0 a.m.•40 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description Medium SECURITY-1498 / CVE-2019-10401 Stored XSS vulnerability in expandable textbox form control Medium SECURITY-1525 / CVE-2019-10402 XSS vulnerability in combobox form control Medium SECURITY-1537 1 / CVE-2019-10403 Stored XSS vulnerability in SCM tag...

5.4CVSS5.2AI score0.65753EPSS

Exploits0References1

NVD•added 2019/09/18 6:15 p.m.•16 views

CVE-2019-14458

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header...

7.8CVSS7.5AI score0.01919EPSS

Exploits0References2

Prion•added 2019/09/18 6:15 p.m.•13 views

Design/Logic Flaw

VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header...

7.8CVSS7.4AI score0.01919EPSS

Exploits0References2

CVE•added 2019/09/18 5:42 p.m.•44 views

CVE-2019-14458

CVE-2019-14458 affects VIVOTEK IP Camera devices with firmware before 0x20x. The vulnerability allows a denial-of-service triggered by a crafted HTTP header. Exploit details, affected models/versions beyond the firmware threshold, and concrete remediation are not provided in the connected documen...

7.8CVSS7.4AI score0.01919EPSS

Exploits0References2Affected Software1

NVD•added 2019/09/17 3:15 p.m.•15 views

CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...

6.1CVSS6.1AI score0.01418EPSS

Exploits2References2

Prion•added 2019/09/17 3:15 p.m.•9 views

Design/Logic Flaw

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...

4.3CVSS6.1AI score0.01418EPSS

Exploits2References2Affected Software1

Cvelist•added 2019/09/17 2:30 p.m.•16 views

CVE-2016-10990

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header...

6.2AI score0.01418EPSS

Exploits2References2

NVD•added 2019/09/16 1:15 p.m.•27 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

6.1CVSS6.1AI score0.0299EPSS

Exploits5References1

UbuntuCve•added 2019/09/16 1:15 p.m.•17 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

6.1CVSS6.3AI score0.0299EPSS

Exploits5References2

Prion•added 2019/09/16 1:15 p.m.•7 views

Design/Logic Flaw

The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header...

4.3CVSS6.1AI score0.0102EPSS

Exploits2References2Affected Software1

Prion•added 2019/09/16 1:15 p.m.•12 views

Cross site scripting

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

4.3CVSS6.1AI score0.0299EPSS

Exploits5References1Affected Software1

CVE•added 2019/09/16 12:27 p.m.•37 views

CVE-2016-10964

CVE-2016-10964 affects the WordPress dwnldr plugin, versions before 1.01. The vulnerability is an XSS via the User-Agent HTTP header in the download handling logic. Public records include an unauthenticated stored XSS PoC and advisories noting the issue. Impact, as stated, is script execution whe...

6.1CVSS6AI score0.0102EPSS

Exploits2References2Affected Software1

CVE•added 2019/09/16 12:2 p.m.•85 views

CVE-2019-16197

CVE-2019-16197 affects Dolibarr 10.0.1, where the value of the HTTP User-Agent header is echoed into the HTML page in htdocs/societe/card.php, causing a reflected XSS. The vulnerability stems from copying header text between HTML tags, allowing potentially injected scripts to execute in the conte...

6.1CVSS5.9AI score0.0299EPSS

Exploits5References1Affected Software1

0day.today•added 2019/09/16 12:0 a.m.•44 views

Dolibarr ERP-CRM 10.0.1 - User-Agent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1...

4.3CVSS0.1AI score0.0299EPSS

Exploits5

OSV•added 2019/09/15 1:24 p.m.•8 views

MGASA-2019-0277 Updated nodejs packages fix security vulnerabilities

This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer CVE-2017-1000381 Fix for 'path' module regular expression deni...

8.8CVSS6.2AI score0.41288EPSS

Exploits0References22

Packet Storm•added 2019/09/13 12:0 a.m.•219 views

Dolibarr ERP-CRM 10.0.1 Cross Site Scripting

Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux CVE:...

6.2AI score0.0299EPSS

Exploits5

exploitpack•added 2019/09/13 12:0 a.m.•16 views

Dolibarr ERP-CRM 10.0.1 - User-Agent Cross-Site Scripting

Dolibarr ERP-CRM 10.0.1 - User-Agent Cross-Site Scripting Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1...

4.3CVSS6AI score0.0299EPSS

Exploits5