Lucene search

1446 matches found

Cvelist
added 2020/09/03 9:07 p.m., 22 views

CVE-2020-25006

Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code...

9.8 AI score, 0.02255 EPSS
Exploits 0, References 2

CVE
added 2020/09/03 9:07 p.m., 55 views

CVE-2020-25006

The CVE-2020-25006 entry concerns Heybbs v1.2, with a SQL injection vulnerability in login.php via the username parameter that may allow a remote attacker to execute arbitrary code. The affected component is the login logic in Heybbs 1.2; underlying cause is a SQL injection flaw in user authentic...

9.8 CVSS, 9.7 AI score, 0.02255 EPSS
Exploits 0, References 2, Affected Software 1

0day.today
added 2020/07/27 12:00 a.m., 264 views

elaniin CMS - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: elaniin CMS 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage: https://elaniin.com/ Software Link: https://github.com/elaniin/CMS/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A Vulnerability: Attack...

Exploits 0

OSV
added 2020/04/27 1:15 p.m., 17 views

CVE-2020-12273

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...

7.5 CVSS, 6.8 AI score
Exploits 0, References 2

NVD
added 2020/03/20 3:15 a.m., 15 views

CVE-2019-19484

Open redirect via parameter ‘p’ in login.php in Centreon 19.04.4 and below allows an attacker to craft a payload and execute unintended behavior...

6.1 CVSS, 6.3 AI score, 0.00854 EPSS
Exploits 0, References 1

CVE
added 2020/03/20 2:37 a.m., 86 views

CVE-2019-19484

CVE-2019-19484 affects Centreon prior to version 19.04.5 (19.04.4 and below) and is due to an open redirect in login.php via the p URL parameter. An attacker can craft a payload to trigger unintended behavior by redirecting to an arbitrary URL. The linked records (including Red Hat advisory refer...

6.1 CVSS, 6.2 AI score, 0.00854 EPSS
Exploits 0, References 1, Affected Software 1

CNVD
added 2020/03/20 12:00 a.m., 4 views

Centreon Input Validation Error Vulnerability (CNVD-2020-21242)

Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions on the network, system and application resources. An input validation error vulnerability exists in Centreon 19.04.4 and earlier version...

6.1 CVSS, 6.8 AI score, 0.00854 EPSS
Exploits 0, References 1

Prion
added 2020/03/12 2:15 p.m., 13 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-failed-login.php by adding a question mark ? followed by the payload...

3.5 CVSS, 4.9 AI score, 0.00611 EPSS
Exploits 1, References 2, Affected Software 1

Prion
added 2020/02/17 4:15 p.m., 18 views

Cross site scripting

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

4.3 CVSS, 5.9 AI score, 0.01376 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2020/02/17 3:01 p.m., 35 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

6 AI score, 0.01376 EPSS
Exploits 1, References 3

Prion
added 2020/02/05 10:15 p.m., 11 views

Design/Logic Flaw

bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter...

4.3 CVSS, 6.2 AI score, 0.0082 EPSS
Exploits 1, References 1, Affected Software 1

OSV
added 2020/02/05 8:15 p.m., 16 views

CVE-2019-20173

The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...

6.1 CVSS, 5.8 AI score, 0.02462 EPSS
Exploits 1, References 3

Prion
added 2020/02/05 8:15 p.m., 16 views

Design/Logic Flaw

The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...

4.3 CVSS, 6 AI score, 0.02462 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2020/02/05 7:50 p.m., 19 views

CVE-2019-20173

The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...

6 AI score, 0.02462 EPSS
Exploits 1, References 3

WPVulnDB
added 2020/01/31 12:00 a.m., 17 views

Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter

XSS via a wle parameter associated with wp-login.php. PoC WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...

4.3 CVSS, 3.9 AI score, 0.02462 EPSS
Exploits 1, References 1, Affected Software 1

Exploit DB
added 2020/01/06 12:00 a.m., 196 views

elaniin CMS 1.0 - Authentication Bypass

Exploit Title: elaniin CMS 1.0 - Authentication Bypass Author: riamloo Date: 2020-01-02 Vendor Homepage: https://elaniin.com/ github == https://github.com/elaniin/ Software Link: https://github.com/elaniin/CMS/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Description: Open-source Conte...

7.4 AI score
Exploits 0

Packet Storm
added 2020/01/01 12:00 a.m., 91 views

BloodX 1.0 SQL Injection

Exploit Title: BloodX 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-31 Vendor Homepage: https://github.com/diveshlunker/BloodX Software Link: https://github.com/diveshlunker/BloodX/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Description: A standalone platform which lets...

0.1 AI score
Exploits 0

NVD
added 2019/10/10 12:10 p.m., 15 views

CVE-2019-17430

EyouCms through 2019-07-11 has XSS related to the login.php webrecordnum parameter...

6.1 CVSS, 6.1 AI score, 0.00977 EPSS
Exploits 0, References 2

Prion
added 2019/10/10 12:10 p.m., 11 views

Cross site scripting

EyouCms through 2019-07-11 has XSS related to the login.php webrecordnum parameter...

4.3 CVSS, 6 AI score, 0.00977 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2019/10/10 10:45 a.m., 19 views

CVE-2019-17430

EyouCms through 2019-07-11 has XSS related to the login.php webrecordnum parameter...

6.1 AI score, 0.00977 EPSS
Exploits 0, References 2