Lucene search
K

690 matches found

CVE
CVE
added 2019/09/30 4:3 p.m.65 views

CVE-2019-15810

The CVE-2019-15810 entry concerns Netdisco 2.042010, where insufficient sanitization during the device search allows a reflected XSS via manipulation of a URL parameter. The root cause is inadequate input sanitization in the search path; the impact is a reflected cross-site scripting vulnerabilit...

6.1CVSS5.9AI score0.00878EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.4 views

The vulnerability of the eLearning Server 4G system in terms of access control deficiencies allows an intruder to gain access to the user’s file storage.

The vulnerability of the eLearning Server 4G system for managing learning and development is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to the user’s file storage by replacing the parameters of the current user’s identifie...

4.3CVSS5.4AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2019/03/07 10:0 p.m.24 views

CVE-2013-7467

Simple Machines Forum SMF 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter...

6.4AI score0.00848EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/02/23 9:0 p.m.26 views

CVE-2019-9063

PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount...

6.6AI score0.00944EPSS
Exploits1References1
Prion
Prion
added 2019/02/17 10:29 p.m.16 views

Sql injection

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter...

6.5CVSS7.5AI score0.01215EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2019/01/29 12:0 a.m.116 views

LongBox Limited Access Manager Insecure Direct Object Reference

Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...

9.5AI score0.09641EPSS
Exploits2
NVD
NVD
added 2018/12/17 3:29 p.m.20 views

CVE-2018-18250

Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item...

7.5CVSS7.6AI score0.00995EPSS
Exploits1References2
Hacker One
Hacker One
added 2018/11/11 12:7 p.m.33 views

HackerOne: Open redirect vulnerability in index.php

Summary: Hello Team i would like to report an open redirect on hackerone.com with reference to report 320376. In report 320376 it shows vulnerability i mitigated but still i am able to reproduce it. so all the summary and description remains the same. Redirection is performed by HackerOne website...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/29 12:0 a.m.30 views

RhinOS CMS 3.x - Arbitrary File Download

Exploit Title: RhinOS CMS 3.x - Arbitrary File Download Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.saltos.org/ Software Link: https://netix.dl.sourceforge.net/project/rhinos/archived/r1190/RhinOS-en-3.0-1190.win32.exe Version: 3.1 r0 / 3.x Category: Webapp...

6.5CVSS6.5AI score0.02627EPSS
Exploits5
Prion
Prion
added 2018/10/03 8:29 p.m.10 views

Sql injection

An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter...

7.5CVSS9.8AI score0.02839EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/03 12:0 a.m.35 views

CVE-2018-14872

CVE-2018-14872 affects Rincewind 0.1. The issue is a reinstall vulnerability caused by the parameter p in files index.php and commonPages.php , allowing an attacker to reinstall the product and reset all data. Impact described as data loss on reinstall. The provided documents do not include explo...

7.5CVSS7.4AI score0.0098EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/06/13 6:29 p.m.5 views

CVE-2018-10363

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices...

7.5CVSS5.8AI score0.01367EPSS
Exploits0References1
NVD
NVD
added 2018/01/23 6:29 a.m.20 views

CVE-2018-6022

Directory traversal vulnerability in application/admin/controller/Main.php in NoneCms through 1.3.0 allows remote authenticated users to delete arbitrary files by leveraging back-office access to provide a ..\ in the param.path parameter...

6.5CVSS6.2AI score0.01376EPSS
Exploits1References1
0day.today
0day.today
added 2017/12/11 12:0 a.m.17 views

Responsive Realestate Script 3.2 - property-list?tbud SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Responsive Realestate Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/responsive-realestate-script/ Version: 3.2...

0.2AI score
Exploits0
Prion
Prion
added 2017/12/08 3:29 p.m.18 views

Command injection

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

9CVSS8.9AI score0.19901EPSS
Exploits8References5Affected Software2
Cvelist
Cvelist
added 2017/12/08 3:0 p.m.33 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

8.9AI score0.19901EPSS
Exploits8References5
Exploit DB
Exploit DB
added 2017/10/24 12:0 a.m.48 views

FS Realtor Clone - 'id' SQL Injection

Exploit Title: FS Realtor Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/realtor-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/10/12 12:0 a.m.17 views

E-Sic Software livre CMS - Autentication Bypass

E-Sic Software livre CMS - Autentication Bypass Exploit Title: E-Sic Software livre CMS - Autentication Bypass Date: 12/10/2017 Exploit Author: Elber Tavares Vendor Homepage: https://softwarepublico.gov.br/ Version: 1.0 Tested on: kali linux, windows 7, 8.1, 10 - Firefox Download...

0.6AI score
Exploits0
OpenVAS
OpenVAS
added 2017/10/05 12:0 a.m.29 views

Apache OpenMeetings 3.2.x Multiple Vulnerabilities

Apache OpenMeetings is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:openmeetings";...

8.2CVSS6.8AI score0.02666EPSS
Exploits0References2
Prion
Prion
added 2017/09/12 9:29 p.m.14 views

Sql injection

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php...

7.5CVSS9.7AI score0.02918EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder