857 matches found

Prion
added 2019/05/17 10:29 p.m., 19 views

Design/Logic Flaw

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

9 CVSS, 9 AI score, 0.08749 EPSS
Exploits 3, References 3, Affected Software 1
OSV
added 2019/05/17 10:29 p.m., 14 views

CVE-2019-12170

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

8.8 CVSS, 7.7 AI score
Exploits 0, References 3
Cvelist
added 2019/05/17 9:52 p.m., 25 views

CVE-2019-12170

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

9 AI score, 0.08749 EPSS
Exploits 3, References 3
OSV
added 2019/05/17 3:29 p.m., 2 views

DEBIAN-CVE-2019-8937

HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mesefine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizzatabelle.php...

6.1 CVSS, 5.9 AI score, 0.1068 EPSS
Exploits 5, References 1
OSV
added 2019/03/30 2:29 p.m., 11 views

CVE-2019-10652

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature...

7.2 CVSS, 7 AI score
Exploits 0, References 1
Palo Alto Networks
added 2019/03/28 8:5 p.m., 94 views

Authentication Bypass in PAN-OS Management Web Interface

An Authentication Bypass vulnerability exists in the PAN-OS Management Web Interface. Ref PAN-113675, CVE-2019-1572. Successful exploitation of this issue may allow an unauthenticated remote user to access php files. This issue affects only PAN-OS 9.0.0. Workaround: This issue affects the web-base...

1.5 AI score, 0.02469 EPSS
Exploits 0, References 1, Affected Software 1
Prion
added 2019/03/26 10:29 p.m., 20 views

Design/Logic Flaw

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files...

5 CVSS, 7.6 AI score, 0.02469 EPSS
Exploits 0, References 2, Affected Software 1
NVD
added 2019/03/26 10:29 p.m., 23 views

CVE-2019-1572

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files...

7.5 CVSS, 7.6 AI score, 0.02469 EPSS
Exploits 0, References 2
OSV
added 2019/03/26 10:29 p.m., 4 views

CVE-2019-1572

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files...

7.5 CVSS, 7.2 AI score, 0.02469 EPSS
Exploits 0, References 2
Cvelist
added 2019/03/26 9:48 p.m., 28 views

CVE-2019-1572

PAN-OS 9.0.0 may allow an unauthenticated remote user to access php files...

7.6 AI score, 0.02469 EPSS
Exploits 0, References 2
Prion
added 2019/03/21 4:0 p.m., 12 views

Directory traversal

In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory...

9 CVSS, 7.2 AI score, 0.07362 EPSS
Exploits 2, References 2, Affected Software 1
Cvelist
added 2019/03/17 9:58 p.m., 21 views

CVE-2018-19512

In Webgalamb through 7.0, a system/ajax.php "wgmfile restore" directory traversal vulnerability could lead to arbitrary code execution by authenticated administrator users, because PHP files are restored under the document root directory...

7.3 AI score, 0.07362 EPSS
Exploits 2, References 2
Veracode
added 2019/03/15 3:3 a.m., 35 views

Cross-Site Request Forgery (CSRF)

WordPress is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because it does not have any CSRF protections in place to prevent forged requests when posting comments. Moreover, a lack of comment content filtering when an administrative user posts a comment allows a remote attack...

8.8 CVSS, 8.5 AI score, 0.4375 EPSS
Exploits 4, References 8, Affected Software 2
Cvelist
added 2019/03/15 3:0 a.m., 14 views

CVE-2019-9829

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/defaultpc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates...

9 AI score, 0.02035 EPSS
Exploits 1, References 1
Prion
added 2019/03/14 4:29 p.m., 19 views

Design/Logic Flaw

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...

6.8 CVSS, 8.6 AI score, 0.4375 EPSS
Exploits 4, References 8, Affected Software 1
NVD
added 2019/03/14 4:29 p.m., 26 views

CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...

8.8 CVSS, 9.2 AI score, 0.4375 EPSS
Exploits 4, References 8
OSV
added 2019/03/14 4:29 p.m., 33 views

CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...

8.8 CVSS, 6.8 AI score
Exploits 0, References 8
Debian CVE
added 2019/03/14 4:0 p.m., 34 views

CVE-2019-9787

WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...

8.8 CVSS, 8.5 AI score, 0.4375 EPSS
Exploits 4
CNVD
added 2019/03/13 12:0 a.m., 2 views

File Upload Vulnerability in Pole CMS v1.1.1

Pole CMS is an open source web content management system based on php5+mysql5 development. A file upload vulnerability exists in the Pole CMS ac.php page. An attacker can exploit the vulnerability to upload php files to gain server privileges...

7.3 AI score
Exploits 0
Cvelist
added 2019/02/11 3:0 a.m., 34 views

CVE-2019-7721

lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...

7.6 AI score, 0.01184 EPSS
Exploits 1, References 1