
16 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-2897

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01231
Exploits: 5 | References: 5

Exploit DB
added 2019/05/22 12:0 a.m., 389 views

Horde Webmail 5.2.22 - Multiple Vulnerabilities

Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...

CVSS 8.8 | AI score 7.4 | EPSS 0.008
Exploits: 7

Prion
added 2019/04/30 7:29 p.m., 14 views

Cross site request forgery (csrf)

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

CVSS 6.8 | AI score 8.4 | EPSS 0.01231
Exploits: 5 | References: 3 | Affected Software: 1

Cvelist
added 2019/04/30 6:36 p.m., 11 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

AI score 8.6 | EPSS 0.01231
Exploits: 5 | References: 3

CVE
added 2019/04/30 6:36 p.m., 78 views

CVE-2019-11193

CVE-2019-11193 affects InfinitumIT DirectAdmin up to and including v1.561. The FileManager component is vulnerable to XSS via the endpoints CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER, which attackers can trigger to bypass CSRF protection and potentially take over the administration pa...

CVSS 6.8 | AI score 8.4 | EPSS 0.01231
Exploits: 5 | References: 3 | Affected Software: 1

Positive Technologies
added 2019/04/30 12:0 a.m., 2 views

PT-2019-12174

Name of the Vulnerable Software and Affected Versions: InfinitumIT DirectAdmin versions prior to v1.561. Description: The issue concerns the FileManager in InfinitumIT DirectAdmin, where an attacker can exploit XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER. This allows the attacker ...

CVSS 6.8 | AI score 6.3 | EPSS 0.01231
Exploits: 5 | References: 6

Exploit DB
added 2019/04/15 12:0 a.m., 163 views

DirectAdmin 1.561 - Multiple Vulnerabilities

Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Date: 12.04.2019 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 [email protected] && infinitumit.com.tr Description: Multiple security vulnerabilities ha...

CVSS 6.8 | AI score 8.9 | EPSS 0.01231
Exploits: 5

exploitpack
added 2019/04/15 12:0 a.m., 28 views

DirectAdmin 1.561 - Multiple Vulnerabilities

DirectAdmin 1.561 - Multiple Vulnerabilities Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Date: 12.04.2019 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 [email protected] && infinitumit.com.tr...

CVSS 6.8 | AI score 0.4 | EPSS 0.01231
Exploits: 5

0day.today
added 2019/04/15 12:0 a.m., 50 views

DirectAdmin 1.561 - Multiple Vulnerabilities

Exploit for php platform in category web applications Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 email protected && infinitumit.com.tr Description: Multipl...

AI score 0.2 | EPSS 0.01231
Exploits: 5

0day.today
added 2018/11/05 12:0 a.m., 153 views

CentOS Web Panel Root Account Takeover <= v0.9.8.740 Remote Command Execution Exploit

CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote code execution. + Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url =...

CVSS 8.8 | AI score 0.4 | EPSS 0.02203
Exploits: 8

0day.today
added 2018/10/23 12:0 a.m., 45 views

AjentiCP 1.2.23.13 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications + Title: AjentiCP Dir Name Based Stored XSS dir 2- Open this directory in File Manager tool in Ajenti server admin panel. // for secure days... 0day.today 2018-10-24...

AI score 6.3 | EPSS 0.02243
Exploits: 5

Packet Storm
added 2018/10/22 12:0 a.m., 45 views

VestaCP 0.9.8-22 Cross Site Scripting

Title: VestaCP Multiple XSS Vulnerabilities https://IP:8083/list/directory/ - Stored XSS: A visitor may upload a file as named xss payload, using any form in your website. If VestaCP user see this file in the interface, his browser will run the JavaScript. So this vulnerability makes high risk...

AI score 6.4 | EPSS 0.00234
Exploits: 3

Packet Storm
added 2018/09/22 12:0 a.m., 41 views

MyBB Visual Editor 1.8.18 Cross Site Scripting

Title: MyBB Visual Editor Stored XSS YLOADhttp://victim.com/video 4- Post the thread. While victim user replying your post, his browser will run JavaScript. Vulnerable pages: editpost.php newreply.php private.php and all Visual Editor embedded pages. // for secure days...

AI score 0.2 | EPSS 0.01121
Exploits: 5

0day.today
added 2018/09/22 12:0 a.m., 57 views

MyBB Visual Editor 1.8.18 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications + Title: MyBB Visual Editor Stored XSS YLOADhttp://victim.com/video 4- Post the thread. While victim user replying your post, his browser will run JavaScript. Vulnerable pages: editpost.php newreply.php private.php and all Visual Editor embedd...

AI score 0.1 | EPSS 0.01121
Exploits: 5

0day.today
added 2018/08/16 12:0 a.m., 163 views

cPanel Filename Based Stored XSS < v76 Exploit

Usage Info Create a file as named with your payload in /home/user/logs directory or run the php exploit. + Title: cPanel Filename Based Stored XSS http://ip:2082/cpsessXXXXXXXXXX/frontend/THEME/raw/index.html '; else die'An error occured.'; else echo 'Enter your payload: " "...

Exploits: 0

Packet Storm
added 2018/08/14 12:0 a.m., 39 views

cPanel 76 Cross Site Scripting

Title: cPanel Filename Based Stored XSS http://ip:2082/cpsessXXXXXXXXXX/frontend/THEME/raw/index.html '; else die'An error occured.'; else echo 'Enter your payload: " "'; // end of the script. ? Note: You cant create a file as named with / slash character by this exploit. This vulnerability is...

AI score 0.2
Exploits: 0