
99 matches found

Packet Storm
added 2024/09/01 12:0 a.m., 145 views

Oracle Demantra Database Credentials Leak

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Demantra Database Credentials Leak', 'Description' = %q This module exploits a database credentials leak found in Oracle Demantra 12.2.1 i...

CVSS: 5, AI score: 6.6, EPSS: 0.8237
Exploits: 7

seebug.org
added 2017/09/14 12:0 a.m., 80 views

ProcessMaker Enterprise Core Code Execution Vulnerability(CVE-2016-9045)

Summary: A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested...

AI score: 8.9, EPSS: 0.00579
Exploits: 2

seebug.org
added 2017/09/13 12:0 a.m., 23 views

Open Fire User Import Export Plugin XML External Entity Injection(CVE-2017-2815)

Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...

AI score: 8.4, EPSS: 0.00333
Exploits: 1

Talos Blog
added 2017/07/19 9:13 a.m., 137 views

Vulnerabilities in ProcessMaker, WebFOCUS, and OpenFire Identified and Patched

Today, Talos is disclosing several vulnerabilities that have been identified by Portcullis in various software products. All four vulnerabilities have been responsibly disclosed to each respective developer in order to ensure they are addressed. In order to better protect our customers, Talos has also...

AI score: 1.1, EPSS: 0.03316
Exploits: 5

Packet Storm
added 2016/02/05 12:0 a.m., 54 views

Viprinet Multichannel VPN Router 300 Cross Site Scripting

Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300 CVE: CVE-2014-2045 Vendor: Viprinet Product: Multichannel VPN Router 300 Affected version: 2013070830/2013080900 Fixed version: 2014013131/2014020702 Reported by: Tim Brown Details: The data...

CVSS: 5.8, EPSS: 0.03969
Exploits: 5

exploitpack
added 2016/02/03 12:0 a.m., 37 views

Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting

Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300 CVE: CVE-2014-2045 Vendor: Viprinet Product: Multichannel VPN Router 300 Affected version: 2013070830/2013080900 Fixed...

CVSS: 4.3, EPSS: 0.03969
Exploits: 5

securityvulns
added 2015/10/26 12:0 a.m., 76 views

CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

CVSS: 6.8, AI score: 0.1, EPSS: 0.00966
Exploits: 4

Packet Storm
added 2015/09/26 12:0 a.m., 50 views

X2Engine 4.2 Cross Site Request Forgery

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...

CVSS: 6.8, AI score: 0.7, EPSS: 0.00966
Exploits: 4

Packet Storm
added 2015/09/26 12:0 a.m., 43 views

X2Engine 4.2 Cross Site Scripting

Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine CVE: CVE-2015-5076 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that the web application was vulnerable to reflective Cross-Site Scripting wher...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00305
Exploits: 2

Exploit DB
added 2015/09/25 12:0 a.m., 48 views

X2Engine 4.2 - Arbitrary File Upload

Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5074/ Details: It was discovered that authenticated users were able to upload files of any type providing that the file did not have an extension that was listed in the following blacklist:...

CVSS: 7.5, AI score: 6.9, EPSS: 0.11204
Exploits: 5

exploitpack
added 2015/07/14 12:0 a.m., 38 views

Pimcore CMS Build 3450 - Directory Traversal

Pimcore CMS Build 3450 - Directory Traversal Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an...

CVSS: 4.9, AI score: 0.1, EPSS: 0.00034
Exploits: 5

Packet Storm
added 2015/07/14 12:0 a.m., 50 views

Pimcore CMS Build 3450 Directory Traversal

Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an administrative user with the 'assets' permission to...

CVSS: 4.9, AI score: 0.1, EPSS: 0.00034
Exploits: 5

Packet Storm
added 2015/07/14 12:0 a.m., 50 views

Pimcore CMS Build 3450 SQL Injection

Vulnerability title: SQL Injection In Pimcore CMS CVE: CVE-2015-4426 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It was possible to inject arbitrary SQL into the application provided an administrative accoun...

CVSS: 7.5, AI score: 0.2, EPSS: 0.00003
Exploits: 2

exploitpack
added 2015/04/21 12:0 a.m., 39 views

BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File RetrievalDeletion

BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File RetrievalDeletion Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version:...

CVSS: 7.5, AI score: 0.4, EPSS: 0.11515
Exploits: 4

Exploit DB
added 2015/04/21 12:0 a.m., 58 views

BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion

Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version: 7.1.1.18527 Reported by: Mike Westmacott Details: The CFChart servlet of...

CVSS: 7.5, AI score: 6.7, EPSS: 0.11515
Exploits: 4

Packet Storm
added 2015/04/19 12:0 a.m., 46 views

BlueDragon CFChart Servlet 7.1.1.17759 Directory Traversal

Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version: 7.1.1.18527 Reported by: Mike Westmacott Details: The CFChart servlet of...

CVSS: 7.5, AI score: 6.7, EPSS: 0.11515
Exploits: 4

Packet Storm
added 2014/11/19 12:0 a.m., 51 views

Compaq/Hewlett Packard Glance 11.00 Privilege Escalation

Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in Compaq/Hewlett Packard Glance for Linux CVE: CVE-2014-2630 Vendor: Compaq/Hewlett Packard Product: Glance for Linux Affected version: 11.00 and subsequent Fixed version: HPSBMU03086 rev.3 Reported by: Tim...

CVSS: 4.4, AI score: 0.8, EPSS: 0.12237
Exploits: 9

seebug.org
added 2014/11/13 12:0 a.m., 37 views

Enalean Tuleap 7.4.99.5 - Blind SQL Injection

No description provided by source. Vulnerability title: Tuleap = 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz Details: SQL injection has been fou...

CVSS: 6.5, AI score: 6.5, EPSS: 0.13783
Exploits: 6

Packet Storm
added 2014/10/30 12:0 a.m., 55 views

F5 Big-IP 11.3.0.39.0 XML External Entity Injection #1

Vulnerability title: XML External Entity Injection in F5 Networks Big-IP CVE: CVE-2014-6032 Vendor: F5 Networks Product: Big-IP Affected version: 11.3.0.39.0 Fixed version: N/A Reported by: Oliver Gruskovnjak Details: F5 Networks Big-IP is vulnerable to an XML External Entity injection attack. Th...

CVSS: 5.5, AI score: 0.2, EPSS: 0.02525
Exploits: 2

exploitpack
added 2014/10/28 12:0 a.m., 43 views

Enalean Tuleap 7.4.99.5 - Remote Command Execution

Enalean Tuleap 7.4.99.5 - Remote Command Execution Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5...

CVSS: 9.3, AI score: 0.2, EPSS: 0.1039
Exploits: 6