CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added 2015/04/29 12:0 a.m.•73 views

WordPress TheCartPress 1.3.9 XSS / Local File Inclusion

4.3CVSS7.5AI score0.21674EPSS

exploitpack•added 2015/04/29 12:0 a.m.•54 views

WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities

WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities Advisory ID: HTB23254 Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor...

5CVSS0.1AI score0.21674EPSS

0day.today•added 2015/04/29 12:0 a.m.•87 views

WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities

Exploit for php platform in category web applications Product: TheCartPress WordPress plugin Vendor: TheCartPress team Vulnerable Versions: 1.3.9 and probably prior Tested Version: 1.3.9 Advisory Publication: April 8, 2015 without technical details Vendor Notification: April 8, 2015 Public...

4CVSS0.2AI score0.21674EPSS

Patchstack•added 2015/04/29 12:0 a.m.•21 views

WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities

TheCartPress plugin is prone to multiple vulnerabilities, such as local PHP file inclusion, stored XSS, improper access control and multiple XSS vulnerabilities. Solution Update the plugin...

4.3CVSS1.7AI score0.06422EPSS

Exploits5References1Affected Software1

Exploit DB•added 2015/04/29 12:0 a.m.•73 views

WordPress Plugin TheCartPress 1.3.9 - Multiple Vulnerabilities

7.5CVSS7.7AI score0.21674EPSS

Packet Storm•added 2015/04/23 12:0 a.m.•17 views

Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload

Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities Author : ZoRLu / [email protected] Website : milw00rm.com / milw00rm.net / milw00rm.org Twitter : https://twitter.com/milw00rm or @milw00rm Test : Windows7 Ultimate Discovery : 15/04/15 Publish : 23/04/15 Thks : exploit-db.com,...

0.2AI score

seebug.org•added 2015/04/09 12:0 a.m.•46 views

大米CMS最新版一个参数引发多处sql注入，绕过防御(附验证脚本)

简要描述：过滤不严详细说明：出现注入的地方是在ApiAction.class.php文件ajaxarclist函数 function ajaxarclist $prefix = !empty$REQUEST'prefix'?bool$REQUEST'prefix':true; //表过滤防止泄露信息,只允许的表 if!inarray$REQUEST'model',array'article','type','ad','label','link'exit; if!empty$REQUEST'model' if$prefix == true $model =...

0day.today•added 2015/03/27 12:0 a.m.•26 views

Berta CMS File Upload Bypass Vulnerability

Exploit for php platform in category web applications Berta CMS is a web based content management system using PHP and local file storage. http://www.berta.me/ Due to use of a 3rd party Berta CMS website to redirect links within a phishing email brought to our attention we checked the file upload...

Tenable Nessus•added 2015/02/25 12:0 a.m.•34 views

X2Engine < 3.5.1 Multiple Vulnerabilities

According to its version number, the X2Engine application installed on the remote web server is prior to version 3.5.1. It is, therefore, potentially affected by multiple vulnerabilities : - A PHP file inclusion vulnerability exists due to insufficient sanitization of the 'file' HTTP GET paramete...

8.5CVSS5.3AI score0.05791EPSS

Exploits6References5

EUVD•added 2015/01/29 3:0 p.m.•6 views

EUVD-2015-1559

Multiple cross-site scripting XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 horder, 2 jakcatid, 3 jakcontent, 4 jakcss, 5 jakdeletelog, 6 jakemail, 7 jakextfile, 8 jakfile, 9 jakhookshow, 10 jakimg, 11 jakjavascript, 12...

4.3CVSS5.7AI score0.04076EPSS

Exploits1References7

exploitpack•added 2015/01/09 12:0 a.m.•13 views

vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion SQL Injection Cross-Site Scripting

vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion SQL Injection Cross-Site Scripting Exploit Title: vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion, SQL Injection & XSS Date: January 8, 2015 Exploit Author: Technidev https://technidev.com Vendor Homepage: https://vbulletin.com Software...

0.4AI score

seebug.org•added 2014/12/27 12:0 a.m.•23 views

方维购物分享最新版前台代码漏洞

简要描述：一步两步似魔鬼的步伐详细说明：缺陷文件： /core/function/global.func.php 如下： / 显示页面 @param string $cachefile 缓存路径 @param bool $issession 是否更新session @param bool $isreturn 是否返回页面内容 @return mixed / function display$cachefile = '',$issession = true,$isreturn = false global $FANWE; $content = NULL;...

Packet Storm•added 2014/12/17 12:0 a.m.•39 views

E-Journal 1.0 Shell Upload / SQL Injection

========================================================================================== E-Journal Old Version Multiple Vulnerabilities ==========================================================================================...

0.2AI score

seebug.org•added 2014/12/03 12:0 a.m.•55 views

ECStore开源网店系统任意文件修改漏洞可拿shell

简要描述：模板编辑中的文件编辑功能，对可编辑的文件限制不严，导致可以修改系统中存在的任意文件详细说明：文件编辑功能中选择要修改的文件，这里选图片（模板文件也可以），然后上传图片时将filename参数设置为网站的任意php文件，如/index.php或/config/config.php，将图片内容设置为shell内容。。。。 post数据如下： POST /index.php/shopadmin/index.php?app=site&ctl=adminexplorertheme&act=saveimage HTTP/1.1 Host: shop.xxx.com...