Lucene search
K

61 matches found

Huntr
Huntr
added 2023/01/12 6:34 p.m.13 views

Path Traversal - Archiving Files to Zip

Description The Tiny File Manager pack files feature is vulnerable to path traversal, which allows an attacker to access files that reside outside the web document root directory. The vulnerability occurs as the "file" parameter is not sanitized properly, thus allowing a malicious user to input...

7.2AI score
Exploits0References1
Cvelist
Cvelist
added 2021/09/01 2:24 p.m.22 views

CVE-2021-35218 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could potentially exploit this and compromise the server...

8.9CVSS9.1AI score0.76411EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/07/10 12:0 a.m.19 views

Cisco Firepower Device Manager Web Interface Detection

Binary data ciscofirepowerdevicemanagerwebuidetect.nbin...

7.3AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/03/11 5:16 a.m.1 views

Cross-site Scripting Vulnerability in JP1/Performance Management - Manager [Web Console]

Overview A Cross-site Scripting Vulnerability was found in JP1/Performance Management - Manager Web Console. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

6.5AI score
Exploits0References2
OSV
OSV
added 2020/01/15 5:15 p.m.5 views

CVE-2020-2637

Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager component: Change Manager - web based. Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access vi...

6CVSS6.6AI score0.01159EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/09 12:0 a.m.3 views

Cisco Unified Communications Manager WEB Interface SQL Injection Vulnerability

Cisco Unified Communications Manager is a unified communications solution. A SQL injection vulnerability exists in the Cisco Unified Communications Manager WEB interface, which could be exploited by remote attackers to submit a specially crafted SQL request to manipulate a database, obtain...

4.9CVSS8.4AI score0.01495EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/08/06 12:0 a.m.11 views

The vulnerability of the Cisco Unified Communications Manager web framework allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Unified Communications Manager web framework is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially created...

6.5CVSS5.5AI score0.01739EPSS
Exploits0References2
CNVD
CNVD
added 2019/04/02 12:0 a.m.2 views

Micro Focus Content Manager File Upload Vulnerability

Micro Focus Content Manager is an electronic document and records management system. A file upload vulnerability exists in the Web client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. An attacker could exploit this vulnerability ...

7.5CVSS7.3AI score0.01691EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/12 12:0 p.m.17 views

CVE-2018-13998

ClipperCMS 1.3.3 has stored XSS via the Full Name field of 1 Security - Manager Users or 2 Security - Web Users...

5AI score0.0067EPSS
Exploits1References1
Prion
Prion
added 2017/09/19 3:29 p.m.20 views

Unrestricted file upload

Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file...

6.5CVSS7.7AI score0.07352EPSS
Exploits3References2Affected Software1
CNVD
CNVD
added 2017/05/22 12:0 a.m.4 views

Cisco Remote Expert Manager Temporary File Information Disclosure Vulnerability

Cisco Remote Expert Manager Software is the United States Cisco Cisco a remote management software. The software remote screen sharing, screen annotation and session recording and other collaborative functions. Cisco Remote Expert Manager Software has a temporary file information disclosure...

5.3CVSS6.6AI score0.02663EPSS
Exploits0References1
OSV
OSV
added 2016/11/25 3:59 a.m.1 views

CVE-2016-3028

IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leveraging LMI admin access...

9.1CVSS6AI score0.03537EPSS
Exploits0References5
myhack58
myhack58
added 2016/06/03 12:0 a.m.27 views

Easily using Vulnerability CVE-2 0 1 6-4 5 0 2 ranged attack power plants-vulnerability warning-the black bar safety net

! Repair hopeless? You can only deactivate the function or replace the device! Recently,without a patch the vulnerability, CVE-2 0 1 6-4 5 0 2 be found use in industrial control systems,has now been found that power plants use industrial control system may be severely affected,contrive evil...

1.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2016/04/28 12:0 a.m.20 views

SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the HostStorageServlet servlet in th...

10CVSS6AI score0.70167EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/04/28 12:0 a.m.27 views

SolarWinds Storage Resource Monitor Profiler Module HostStorageServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the HostStorageServlet servlet in th...

10CVSS6.1AI score0.70167EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/04/28 12:0 a.m.32 views

SolarWinds Storage Resource Monitor Profiler Module XiotechMonitorServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the XiotechMonitorServlet servlet in...

10CVSS6.1AI score0.70167EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2016/04/28 12:0 a.m.18 views

SolarWinds Storage Resource Monitor Profiler Module BackupAssociationServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor Profiler Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of the BackupAssociationServlet servlet...

10CVSS5.3AI score0.70167EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.7 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00668)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...

6.4CVSS6.8AI score0.8075EPSS
Exploits6References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.6 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00704)

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the vulnerability to...

6.4CVSS9.1AI score0.6531EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/23 12:0 a.m.6 views

Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component

Oracle Enterprise Manager is an enhanced management suite for ORACLE Fusion endpoint software. An unspecified security vulnerability in the Oracle Application Testing Suite Test Manager for Web Apps component of Oracle Enterprise Manager Grid Control allows remote attackers to exploit the...

6.5CVSS6.8AI score0.54782EPSS
Exploits0References1
Rows per page
Query Builder