Lucene search
K

98 matches found

OSV
OSV
added 2020/06/04 7:15 p.m.4 views

CVE-2020-11680

Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store,...

6.5CVSS6.6AI score0.01166EPSS
Exploits2References3
Cvelist
Cvelist
added 2020/06/04 6:31 p.m.19 views

CVE-2020-11679

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...

9AI score0.02018EPSS
Exploits3References3
Packet Storm
Packet Storm
added 2020/05/06 12:0 a.m.103 views

Online Clothing Store 1.0 Cross Site Scripting

Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...

7.4AI score
Exploits0
Veracode
Veracode
added 2020/02/25 11:3 a.m.21 views

Insecure File Permission

dnn.platform is vulnerable to insecure file permission. The vulnerability is possible because of missing whitelisted file extension check for permissible file types for normal user at server side, allowing a low privileged normal user to upload files with extensions which are allowed only for...

6.5CVSS2.6AI score0.01815EPSS
Exploits3References5Affected Software1
Exploit DB
Exploit DB
added 2020/02/24 12:0 a.m.145 views

DotNetNuke 9.5 - File Upload Restrictions Bypass

Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNNPlatform9.5.0Install.zip Version: = 9.5 CVE : N/A More...

7.4AI score
Exploits0
NVD
NVD
added 2019/11/20 4:15 p.m.40 views

CVE-2019-5542

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM...

7.7CVSS7.5AI score0.00897EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/20 3:11 p.m.35 views

CVE-2019-5542

VMware Workstation 15.x before 15.5.1 and Fusion 11.x before 11.5.1 contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM...

8.4AI score0.00897EPSS
Exploits0References1
OSV
OSV
added 2019/06/17 8:15 p.m.3 views

CVE-2017-9383

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal...

9.9CVSS5.8AI score0.0251EPSS
Exploits1References3
OSV
OSV
added 2018/09/14 7:29 a.m.4 views

CVE-2018-17037

user/editpost.php in UCMS 1.4.6 mishandles levels, which allows escalation from the normal user level of 1 to the superuser level of 3...

8.8CVSS5.8AI score0.00957EPSS
Exploits1References1
Prion
Prion
added 2018/07/25 1:29 p.m.21 views

Null pointer dereference

VMware ESXi 6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC...

4CVSS6.3AI score0.02999EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2018/07/25 1:0 p.m.25 views

CVE-2018-6972

VMware ESXi 6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC...

6.3AI score0.02999EPSS
Exploits0References4
NVD
NVD
added 2018/07/09 8:29 p.m.25 views

CVE-2018-6966

VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...

8.1CVSS7.6AI score0.02257EPSS
Exploits0References3
NVD
NVD
added 2018/07/09 8:29 p.m.24 views

CVE-2018-6965

VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...

8.1CVSS7.6AI score0.02975EPSS
Exploits0References3
OSV
OSV
added 2018/07/09 8:29 p.m.3 views

CVE-2018-6967

VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...

8.1CVSS5.8AI score0.02257EPSS
Exploits0References3
Prion
Prion
added 2018/07/09 8:29 p.m.19 views

Out-of-bounds

VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...

5.5CVSS7.5AI score0.02975EPSS
Exploits0References3Affected Software3
Cvelist
Cvelist
added 2018/07/09 8:0 p.m.25 views

CVE-2018-6965

VMware ESXi 6.7 before ESXi670-201806401-BG, Workstation 14.x before 14.1.2, and Fusion 10.x before 10.1.2 contain an out-of-bounds read vulnerability in the shader translator. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user...

7.6AI score0.02975EPSS
Exploits0References3
OSV
OSV
added 2018/06/14 12:29 p.m.3 views

CVE-2018-8209

An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

8CVSS5.8AI score0.02594EPSS
Exploits0References3
CNVD
CNVD
added 2018/05/10 12:0 a.m.3 views

Authentication Bypass Vulnerability in Huawei iBMC Products

Huawei iBMC system is a server remote management system from Huawei, China. An authentication bypass vulnerability exists in the Huawei iBMC product. The vulnerability is due to improper verification of upload privileges, where a remote attacker with normal user privileges could upload...

7.2CVSS7.2AI score0.00321EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/27 12:0 a.m.2 views

Arbitrary file read vulnerability in cms made simple backend for normal users

CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine , which separates content , functionality and templates . cms made simple version 2.2.7 version of the background for file preview there is an arbitrary file read vulnerability , an attacker can...

7AI score
Exploits0
PyPA
PyPA
added 2018/03/13 3:29 p.m.6 views

PYSEC-2018-109

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in...

6.5CVSS6.8AI score0.00696EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder