Lucene search
K

967 matches found

Veracode
Veracode
added 2017/03/10 5:17 a.m.15 views

Remote Code Execution (RCE)

Apache Continuum is vulnerable to remote code execution RCE. A malicious user can inject a command into the system via the varValue POST parameter to get shell access...

7.9AI score
Exploits0
Prion
Prion
added 2017/03/09 9:59 a.m.23 views

Sql injection

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/subscriberlist.php with the POST Parameter: listid...

6.5CVSS7.3AI score0.01701EPSS
Exploits2References2Affected Software1
0day.today
0day.today
added 2017/03/05 12:0 a.m.59 views

EPSON TMNet WebConfig 1.00 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00" Date: 3/3/2017 Exploit Author: Michael Benich Vendor Homepage: https://www.epson-biz.com/ Software Link:...

4.3CVSS6.4AI score0.03329EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/03/03 12:0 a.m.44 views

EPSON TMNet WebConfig 1.00 - Cross-Site Scripting

Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00" Date: 3/3/2017 Exploit Author: Michael Benich Vendor Homepage: https://www.epson-biz.com/ Software Link: https://c4b.epson-biz.com/modules/community/index.php?contentid=50 Versio...

6.1CVSS7AI score0.03329EPSS
Exploits5
Prion
Prion
added 2017/02/21 7:59 a.m.21 views

Sql injection

A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/campaign/countofsend.php Requires authentication to Wordpress admin with the POST Parameter: campid...

6.5CVSS7.8AI score0.05217EPSS
Exploits7References3Affected Software1
NVD
NVD
added 2017/02/21 7:59 a.m.19 views

CVE-2017-6097

A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/campaign/countofsend.php Requires authentication to Wordpress admin with the POST Parameter: campid...

7.2CVSS7.4AI score0.05217EPSS
Exploits7References3
Cvelist
Cvelist
added 2017/02/21 7:46 a.m.29 views

CVE-2017-6098

A SQL injection issue was discovered in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects /inc/campaignsave.php Requires authentication to Wordpress admin with the POST Parameter: listid...

8AI score0.05173EPSS
Exploits7References3
exploitpack
exploitpack
added 2017/02/18 12:0 a.m.87 views

WordPress Plugin Mail Masta 1.0 - SQL Injection

WordPress Plugin Mail Masta 1.0 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta aka mail-masta plugin 1.0 for Wordpress. Date: 02/18/2017 Exploit Author: Hanley Shun Vendor Homepage: https://wpcore.com/plugin/mail-masta Software Link:...

7.5CVSS0.5AI score0.05643EPSS
Exploits10
CNVD
CNVD
added 2017/02/14 12:0 a.m.7 views

IT ITems DataBase Cross-Site Scripting Vulnerability

ITITems DataBase ITDB is a set of Web-based asset inventory management tools. A security vulnerability exists in ITITDB 1.23 and earlier versions, which originates when the "value" HTTP POST parameter is passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL...

6.1CVSS6.7AI score0.00836EPSS
Exploits1References1
Prion
Prion
added 2017/02/10 7:59 a.m.16 views

Authorization

An issue was discovered in IT ITems DataBase ITDB through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL. An attacker could execute...

4.3CVSS7.4AI score0.00836EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2017/02/10 7:59 a.m.15 views

CVE-2016-10216

An issue was discovered in IT ITems DataBase ITDB through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examplessupport/editableajax.php" URL. An attacker could execute...

6.1CVSS7.1AI score
Exploits0References1
Hacker One
Hacker One
added 2017/02/06 6:51 p.m.273 views

Pornhub: Time Based SQL-inject in post-parametr login[username] [domain - youporn.com]

The researcher discovered a time based blind SQL injection on a POST login parameter...

1.1AI score
Exploits0
Prion
Prion
added 2016/12/30 7:59 a.m.17 views

Code injection

include/functionsinstaller.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include call in the...

7.5CVSS7.4AI score0.02883EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2016/12/30 7:59 a.m.16 views

CVE-2016-10082

include/functionsinstaller.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include call in the...

9.8CVSS9.6AI score0.02883EPSS
Exploits0References3
seebug.org
seebug.org
added 2016/07/12 12:0 a.m.16 views

TopMPS information classification system post.php parameter catid wide-character injection vulnerability

No description provided by source...

7.1AI score
Exploits0
OSV
OSV
added 2016/07/03 2:59 p.m.5 views

CVE-2016-3962

Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attacker...

7.3CVSS6.1AI score
Exploits0References2
0day.today
0day.today
added 2016/06/14 12:0 a.m.17 views

Apache Continuum - Arbitrary Command Execution (Metasploit)

Exploit for linux platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Continuum Arbitrary Command Execution', 'Description' = %q This module exploits a...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2016/06/07 12:0 a.m.22 views

Centreon 'POST' Parameter File Upload Vulnerability

Centreon is prone to file upload vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:centreon:centreon"; ifdescription...

7.3AI score
Exploits0References2
OSV
OSV
added 2016/02/26 5:59 a.m.3 views

CVE-2016-1297

The Device Manager GUI in Cisco Application Control Engine ACE 4710 A5 before A53.1 allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801...

8.8CVSS6.1AI score0.02801EPSS
Exploits0References2
exploitpack
exploitpack
added 2016/02/26 12:0 a.m.47 views

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer...

0.4AI score
Exploits0
Rows per page
Query Builder