Lucene search
K

967 matches found

Debian
Debian
added 2016/01/17 6:27 p.m.65 views

[SECURITY] [DLA 392-1] roundcube security update

Package : roundcube Version : 0.3.1-6+deb6u1 CVE ID : CVE-2015-8770 High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to...

7.5CVSS7.8AI score0.22212EPSS
Exploits5
ArchLinux
ArchLinux
added 2016/01/17 12:0 a.m.35 views

roundcubemail: remote code execution

High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server. The vulnerability exists du...

6CVSS1.7AI score0.22212EPSS
Exploits5References5
seebug.org
seebug.org
added 2016/01/14 12:0 a.m.31 views

Fanwe O2O商业系统index.php处的POST参数topic_id存在SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/12/11 12:0 a.m.61 views

bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion

Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...

9CVSS0.1AI score0.06631EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2015/11/24 12:0 a.m.55 views

Centreon 2.6.x < 2.6.2 File Upload RCE

According to its version number, the Centreon application hosted on the remote web server is 2.6.x prior to 2.6.2. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of user-uploaded files via the main.php script. An authenticated, remote attacker can...

6.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/11/09 12:0 a.m.34 views

ManageEngine AssetExplorer < 6.1.0 Build 6113 Multiple XSS

The version of ManageEngine AssetExplorer running on the remote host is prior to 6.1.0 build 6113. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities : - A cross-site scripting vulnerability exists due to improper validation of input to the Publisher name before...

4.3CVSS5.8AI score0.0774EPSS
Exploits6References3
Packet Storm
Packet Storm
added 2015/10/29 12:0 a.m.27 views

Joomla JNews SQL Injection

Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Exploit Author: Omer Ramić Twitter:...

0.3AI score
Exploits0
0day.today
0day.today
added 2015/10/29 12:0 a.m.56 views

Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Explo...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/09/29 12:0 a.m.25 views

Centreon 2.6.1 Persistent Cross Site Scripting

Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2015/09/28 12:0 a.m.42 views

Centreon 2.6.1 - Multiple Vulnerabilities

Centreon 2.6.1 - Multiple Vulnerabilities Centreon 2.6.1 Command Injection Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for...

0.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/09/26 12:0 a.m.48 views

Centreon 2.6.1 Command Injection Vulnerability

Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The POST parameter 'persistant' which serves for making a new service run in the background is not properly...

6AI score
Exploits0
exploitpack
exploitpack
added 2015/09/15 12:0 a.m.16 views

WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection

WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection Exploit Title: WordPress: cp-reservation-calendar 1.1.6 SQLi injection Date: 2015-09-15 Google Dork: Index of /wp-content/plugins/cp-reservation-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Software Link:...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/06/16 12:0 a.m.38 views

phpMoAdmin saveObject Remote Command Execution

The remote web server is hosting a version of phpMoAdmin that is affected by a remote code execution vulnerability due to improper sanitization of input passed via the 'object' POST parameter in the saveObject function in the moadmin.php script. A remote attacker can exploit this, via a specially...

7.5CVSS9.2AI score0.61959EPSS
Exploits8References2
NVD
NVD
added 2015/05/27 6:59 p.m.19 views

CVE-2015-4065

Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php...

3.5CVSS5.3AI score0.03947EPSS
Exploits6References4
Prion
Prion
added 2015/05/27 6:59 p.m.17 views

Sql injection

SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...

6.5CVSS8.5AI score0.03779EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2015/05/27 6:59 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php...

3.5CVSS5.7AI score0.03947EPSS
Exploits6References4Affected Software1
Cvelist
Cvelist
added 2015/05/27 6:0 p.m.34 views

CVE-2015-4064

SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...

7.9AI score0.03779EPSS
Exploits5References4
CVE
CVE
added 2015/05/27 6:0 p.m.55 views

CVE-2015-4065

Summary (CVE-2015-4065) : The WordPress Landing Pages plugin (versions before 1.8.5) contains an XSS vulnerability in shared/shortcodes/inbound-shortcodes.php. An authenticated remote user can inject arbitrary script/HTML via the post parameter passed to wp-admin/post-new.php, caused by echoing u...

3.5CVSS5.3AI score0.03947EPSS
Exploits6References4Affected Software1
Patchstack
Patchstack
added 2015/05/26 12:0 a.m.22 views

WordPress Landing Pages Plugin <= 1.8.4 - XSS

Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. Solution Upgrade the plugin...

3.5CVSS3.1AI score0.03947EPSS
Exploits6References1Affected Software1
0day.today
0day.today
added 2015/05/15 12:0 a.m.23 views

WordPress Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WordPress Booking Calendar Contact Form 1.0.2Multiple vulnerabilities Date: 2015-05-01 Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/ Exploit Author: Joaquin Ramirez Martinez i0akiN...

7.1AI score
Exploits0
Rows per page
Query Builder