586 matches found

exploitpack
added 2014/07/06 12:0 a.m. | 8 views

Frog CMS 0.9.5 - Arbitrary File Upload

Frog CMS 0.9.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5 Date : 2014-07-07 Exploit Author : Javid Hussain Vendor Homepage : http://www.madebyfrog.com Exploit-DB Note: All authenticated users can upload files. If the file does not have execute permissions the C...

AI score: 0.5
Exploits: 0

CVE
added 2014/02/06 3:0 p.m. | 46 views

CVE-2013-7319

CVE-2013-7319 concerns the WordPress Download Manager plugin prior to version 2.5.9. The vulnerability is a cross-site scripting (XSS) flaw in the title field, where user-supplied input can be injected as script/HTML and executed in the context of the affected site. The issue arises from insuffic...

CVSS: 4.3 | AI score: 6 | EPSS: 0.04576
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2014/01/16 9:55 p.m. | 16 views

CVE-2012-6628

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.ph...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.02058
Exploits: 1 | References: 3

Prion
added 2014/01/16 9:55 p.m. | 18 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance o...

CVSS: 6.8 | AI score: 7.6 | EPSS: 0.00986
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2014/01/16 9:0 p.m. | 42 views

CVE-2012-6628

CVE-2012-6628 reports multiple cross-site scripting (XSS) vulnerabilities in the WordPress Newsletter Manager plugin before 1.0.2. The issue allows remote attackers to inject arbitrary script/HTML via one of five vectors: (1) xyz_em_campName to admin/create_campaign.php, (2) xyz_em_campName to ad...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02058
Exploits: 1 | References: 3 | Affected Software: 1

exploitpack
added 2012/07/02 12:0 a.m. | 12 views

Getsimple CMS Items Manager Plugin - PHP.php Arbitrary File Upload

Getsimple CMS Items Manager Plugin - PHP.php Arbitrary File Upload source: https://www.securityfocus.com/bid/54255/info Items Manager Plugin for GetSimple CMS is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately...

AI score: 0.3
Exploits: 0

OpenVAS
added 2012/06/11 12:0 a.m. | 23 views

WordPress HTML5 AV Manager Plugin 'custom.php' Arbitrary File Upload Vulnerability

WordPress HTML5 AV Manager Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score: 7.2
Exploits: 0 | References: 4

exploitpack
added 2012/06/08 12:0 a.m. | 23 views

WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload

WordPress Plugin Front File Manager 0.1 - Arbitrary File Upload Exploit Title: Wordpress front file manager 0.1 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/front-file-manager/ Date: 07/06/2012 Exploit Author: Adrien Thierry adrien dot thierryfr at gmail dot com Vendor Homepage:...

AI score: 0.6
Exploits: 0

OpenVAS
added 2012/06/08 12:0 a.m. | 24 views

WordPress Asset Manager Plugin 0.2 'upload.php' Arbitrary File Upload Vulnerability - Active Check

WordPress Asset Manager Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 10 | AI score: 6.9 | EPSS: 0.01144
Exploits: 0 | References: 6

exploitpack
added 2010/07/11 12:0 a.m. | 12 views

Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities

Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF...

AI score: 0.9
Exploits: 0

OpenVAS
added 2010/02/19 12:0 a.m. | 34 views

DokuWiki Multiple CSRF Vulnerabilities

Dokuwiki is prone to multiple Cross Site Scripting vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 6.8 | AI score: 6 | EPSS: 0.0177
Exploits: 0 | References: 4

UbuntuCve
added 2010/02/15 6:30 p.m. | 30 views

CVE-2010-0287

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter...

CVSS: 5 | AI score: 6 | EPSS: 0.10612
Exploits: 0 | References: 2

NVD
added 2010/02/15 6:30 p.m. | 13 views

CVE-2010-0288

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.10546
Exploits: 0 | References: 12

Prion
added 2010/02/15 6:30 p.m. | 20 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...

CVSS: 6.8 | AI score: 7.6 | EPSS: 0.0177
Exploits: 0 | References: 9 | Affected Software: 1

NVD
added 2010/02/15 6:30 p.m. | 25 views

CVE-2010-0287

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter...

CVSS: 5 | AI score: 6.5 | EPSS: 0.10612
Exploits: 0 | References: 11

NVD
added 2010/02/15 6:30 p.m. | 19 views

CVE-2010-0289

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.0177
Exploits: 0 | References: 9

OSV
added 2010/02/15 6:30 p.m. | 8 views

CVE-2010-0288

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...

AI score: 6.6
Exploits: 0 | References: 12

OSV
added 2010/02/15 6:30 p.m. | 2 views

UBUNTU-CVE-2010-0288

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.10546
Exploits: 0 | References: 3

OSV
added 2010/02/15 6:30 p.m. | 2 views

DEBIAN-CVE-2010-0289

Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown...

CVSS: 6.8 | AI score: 7 | EPSS: 0.0177
Exploits: 0 | References: 1

OSV
added 2010/02/15 6:30 p.m. | 3 views

DEBIAN-CVE-2010-0287

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter...

CVSS: 5 | AI score: 6.6 | EPSS: 0.10612
Exploits: 0 | References: 1