Lucene search
+L

243 matches found

CNVD
CNVD
added 2017/02/03 12:0 a.m.4 views

WordPress REST API Plugin Content Injection Vulnerability

WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A content injection vulnerability exists in the WordPress REST API plugin. A remote attacker can exploit the vulnerability to elevate privileges or perform content injectio...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2015/09/06 12:0 a.m.4 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2015-05800)

MyBB is a popular web-based very good free forum software developed with PHP and MySQL. A cross-site scripting vulnerability exists in versions of MyBB prior to 1.8.5, which allows remote attackers to inject arbitrary web script or HTML via the content of a post...

4.3CVSS6AI score0.01939EPSS
Exploits1References1
CNVD
CNVD
added 2015/07/02 12:0 a.m.6 views

GetSimple CMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-04182)

GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS versions prior to...

4.3CVSS6.1AI score0.01917EPSS
Exploits1References1
CNVD
CNVD
added 2015/06/09 12:0 a.m.6 views

Novell ZENworks Configuration Management Remote Management Component Directory Traversal Vulnerability

Novell ZENworks Configuration Management is a suite of configuration management solutions.Remote Management is a remote management component. A directory traversal vulnerability exists in the UploadServlet in the Remote Management component of Novell ZCM, which can be exploited by a remote attack...

10CVSS7.9AI score0.14456EPSS
Exploits1References1
myhack58
myhack58
added 2015/03/19 12:0 a.m.27 views

Qi Bo CMS variable coverage leads to sql injection vulnerability analysis report-vulnerability warning-the black bar safety net

Blog post author: Alibaba security research lab—supporting su Release date: 2015-3-10 Blog post content: The recent Alibaba security research laboratory vulnerability monitoring system to monitor attendance Bo cms exist high-risk vulnerabilities that can lead to SQL vulnerability and thus affect...

2.3AI score
Exploits0
WPVulnDB
WPVulnDB
added 2014/08/01 12:0 a.m.15 views

WordPress 3.5 - Shortcodes / Post Content Multiple Unspecified XSS

...

4.3CVSS1.5AI score0.0248EPSS
Exploits1References2Affected Software1
seebug.org
seebug.org
added 2013/12/19 12:0 a.m.26 views

Thinksaas SQL注入#3

简要描述: Thinksaas SQL注入3 详细说明: 在Thinksaas 的小组功能处,发完贴后,可以补贴。 在编辑补贴时,过滤不完整,导致SQL注入,直接可以注入出数据,显示到帖子内容中。 /app/group/action/after.php文件,在边编辑补贴内容时: //编辑执行 case "edo": if$POST'token' != $SESSION'token' tsNotice'非法操作!'; $afterid = intval$POST'afterid'; $strAfter = $new'group'-find'grouptopicadd',array...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2013/09/26 12:0 a.m.18 views

Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery

Hewlett-Packard HP 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability Date: 26.09.2013r. Exploit Author: Hubert GrÄ…dek PL Software Link: download link if available Tested on: HP-E2620...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2013/09/26 12:0 a.m.37 views

Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery

Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability Date: 26.09.2013r. Exploit Author: Hubert GrÄ…dek PL Software Link: download link if available Tested on: HP-E2620 24-PoEP // RA.15.05.0006,ROMRA.15.10 HTTP Headers: http://IPADDR/html/json.html Host: IPADD...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2013/07/08 8:55 p.m.29 views

CVE-2013-0236

Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...

4.3CVSS5.9AI score0.0248EPSS
Exploits1References2
Prion
Prion
added 2013/07/08 8:55 p.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...

4.3CVSS5.9AI score0.0248EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2013/07/08 8:55 p.m.24 views

CVE-2013-0236

Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...

4.3CVSS5.6AI score0.0248EPSS
Exploits1References5
OSV
OSV
added 2013/07/08 8:55 p.m.3 views

DEBIAN-CVE-2013-0236

Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...

4.3CVSS5.9AI score0.0248EPSS
Exploits1References1
Cvelist
Cvelist
added 2013/07/08 8:0 p.m.31 views

CVE-2013-0236

Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...

5.5AI score0.0248EPSS
Exploits1References5
Prion
Prion
added 2012/10/10 5:55 p.m.18 views

Cross site scripting

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive POST content via...

4.3CVSS5.9AI score0.02513EPSS
Exploits0References15Affected Software13
UbuntuCve
UbuntuCve
added 2012/10/09 12:0 a.m.28 views

CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive POST content via...

4.3CVSS7.2AI score0.02513EPSS
Exploits0References3
NVD
NVD
added 2011/09/27 10:55 a.m.22 views

CVE-2010-4850

Multiple cross-site scripting XSS vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the 1 postcontent parameter to post/edit/2/p1.html, related to views/post.php; the 2 slogan parameter to admin/site/2.html, related to views/admin.php; or the 3...

4.3CVSS5.8AI score0.01766EPSS
Exploits1References7
Prion
Prion
added 2011/09/27 10:55 a.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the 1 postcontent parameter to post/edit/2/p1.html, related to views/post.php; the 2 slogan parameter to admin/site/2.html, related to views/admin.php; or the 3...

4.3CVSS6AI score0.01766EPSS
Exploits1References7Affected Software1
F5 Networks
F5 Networks
added 2009/04/05 12:0 a.m.49 views

SOL9913 - Apache Tomcat vulnerability - CVE-2008-4308

Description The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Information about this advisory is...

2.6CVSS7.3AI score0.03914EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2009/02/26 11:30 p.m.29 views

CVE-2008-4308

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request...

2.6CVSS5.9AI score0.03914EPSS
Exploits2References1
Rows per page
Query Builder