Lucene search

8828 matches found

Cvelist
added 2019/03/15 3:0 a.m., 11 views

CVE-2019-9829

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/defaultpc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates...

9 AI score, 0.00719 EPSS
Exploits 1, References 1
WPVulnDB
added 2019/02/26 12:0 a.m., 10 views

Ultimate Membership Pro 7.4.2 <= 7.5 - Arbitrary media include

In addition to cropping/rotating/resizing an image of your choosing, you can abuse the imgUrl feature on versions that it's available on 7.4.2+ at least to make an HTTP request to any site you want. For example, by having it connect to a site you control, you can determine the IP address of the...

0.9 AI score
Exploits 0, References 2, Affected Software 1
wpexploit
added 2019/02/26 12:0 a.m., 19 views

Ultimate Membership Pro 7.4.2 <= 7.5 - Arbitrary media include

In addition to cropping/rotating/resizing an image of your choosing, you can abuse the imgUrl feature on versions that it's available on 7.4.2+ at least to make an HTTP request to any site you want. For example, by having it connect to a site you control, you can determine the IP address of the...

0.8 AI score
Exploits 0, References 2
OSV
added 2019/02/09 10:29 p.m., 2 views

CVE-2019-7678

A directory traversal vulnerability was discovered in Enphase Envoy R3.. via images/, include/, include/js, or include/css on TCP port 8888...

9.8 CVSS, 7.3 AI score
Exploits 0, References 2
OSV
added 2019/02/05 4:29 p.m., 1 view

CVE-2019-7402

An issue was discovered in PHPMyWind 5.5. The GetQQ function in include/func.class.php allows XSS via the cfgqqcode parameter. This can be exploited via CSRF...

6.1 CVSS, 6.3 AI score, 0.00154 EPSS
Exploits 1, References 1
Tenable Nessus
added 2019/01/02 12:0 a.m., 31 views

SUSE SLED15 / SLES15 Security Update : cups (SUSE-SU-2018:2172-1)

This update for cups fixes the following issues: The following security vulnerabilities were fixed : - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend bsc1096405 - CVE-2018-4181: Limited...

8.2 CVSS, 6.4 AI score, 0.00148 EPSS
Exploits 0, References 13
CNVD
added 2018/12/03 12:0 a.m., 2 views

PHP-Proxy Weak Encryption Vulnerability

PHP-Proxy is a web-based proxy script featuring fast, easy customization and the ability to provide support for complex websites such as YouTube and Facebook. A weak encryption vulnerability in the strrotpass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy versions 5.1.0 and...

7.5 CVSS, 6.6 AI score, 0.0016 EPSS
Exploits 1, References 1
Prion
added 2018/11/17 10:29 p.m., 14 views

Sql injection

In SeaCMS v6.64, there is SQL injection via the adminmakehtml.php topic parameter because of mishandling in include/mkhtml.func.php...

6.5 CVSS, 7.4 AI score, 0.00247 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2018/11/17 10:0 p.m., 15 views

CVE-2018-19349

In SeaCMS v6.64, there is SQL injection via the adminmakehtml.php topic parameter because of mishandling in include/mkhtml.func.php...

7.5 AI score, 0.00247 EPSS
Exploits 1, References 1
OSV
added 2018/11/16 6:29 p.m., 1 view

CVE-2018-18806

School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb...

9.8 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits 5, References 1
OSV
added 2018/11/16 6:29 p.m., 2 views

CVE-2018-18804

Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb...

9.8 CVSS, 5.8 AI score, 0.02512 EPSS
Exploits 5, References 2
OSV
added 2018/09/28 7:29 p.m., 20 views

GHSA-4XJH-M3QX-49WC Jekyll allows attackers to access arbitrary files by specifying a symlink

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the include key in the config.yml file...

7.5 CVSS, 7.3 AI score, 0.0043 EPSS
Exploits 0, References 6
OSV
added 2018/09/28 12:29 a.m., 2 views

DEBIAN-CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5 CVSS, 7 AI score, 0.0043 EPSS
Exploits 0, References 1
OSV
added 2018/09/28 12:29 a.m., 1 view

UBUNTU-CVE-2018-17567

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5 CVSS, 7.2 AI score, 0.0043 EPSS
Exploits 0, References 4
CNVD
added 2018/09/28 12:0 a.m., 3 views

Jekyll Arbitrary File Access Vulnerability

Jekyll is a static website generator. A security vulnerability exists in Jekyll version 3.6.2 and earlier, version 3.7.x through 3.7.3, and version 3.8.x through 3.8.3. An attacker can exploit the vulnerability by specifying a symbolic link in the 'include' key of the 'config.yml' file to access...

7.5 CVSS, 7.4 AI score, 0.0043 EPSS
Exploits 0, References 1
RubySec
added 2018/09/28 12:0 a.m., 68 views

Jekyll _config.yml privilege escalation

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "config.yml" file...

7.5 CVSS, 6.9 AI score, 0.0043 EPSS
Exploits 0, References 1, Affected Software 1
OSV
added 2018/09/24 10:29 p.m., 1 view

CVE-2018-16299

The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter...

7.5 CVSS, 5.8 AI score
Exploits 0, References 4
OSV
added 2018/09/11 1:29 p.m., 27 views

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

5.9 CVSS, 6.5 AI score
Exploits 0, References 1
OSV
added 2018/09/11 1:29 p.m., 1 view

DEBIAN-CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

5.9 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits 1, References 1
OSV
added 2018/09/11 1:29 p.m., 1 view

UBUNTU-CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

5.9 CVSS, 6.6 AI score, 0.00359 EPSS
Exploits 1, References 4