633 matches found
Cross site scripting
A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter...
CVE-2020-24194
CVE-2020-24194 is an XSS vulnerability in SourceCodester Daily Tracker System v1.0, exploitable via the fullname parameter in user-profile.php to inject arbitrary web script/HTML. The provided connected documents confirm the issue but do not specify affected versions beyond v1.0, nor provide a re...
Reside Property Management 3.0 - (profile) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Reside Property Management 3.0 - 'profile' SQL Injection Google Dork: "Copyright 2020 Reside Property Management" Exploit Author: Ultra Security Team Ashkan Moghaddas, AmirMohammad Safari Team Members: Behzad Khalifeh, Milad...
CVE-2020-10436
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/my-profile.php by adding a question mark (?) followed by the payload...
CVE-2012-5776
Dokeos 2.1.1 has multiple XSS issues involving "extra" parameters in main/auth/profile.php...
CVE-2020-5510
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file...
CVE-2020-5510
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file...
Zechat 1.5 - uname SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Zechat 1.5 - 'uname' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://bylancer.com/ Software Link: https://bylancer.com/products/zechat-php-script/index.php Version: 1.5 Category: Webapps Tested on:...
Zechat 1.5 - 'uname' SQL Injection
Exploit Title: Zechat 1.5 - 'uname' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-02 Dork: N/A Vendor Homepage: https://bylancer.com/ Software Link: https://bylancer.com/products/zechat-php-script/index.php Version: 1.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
laxmihospital.com XSS vulnerability
Open Bug Bounty ID: OBB-676516

Description | Value
---|---
Affected Website: | laxmihospital.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
CVE-2018-15187
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php...
CVE-2018-15187
CVE-2018-15187 concerns PHP Scripts Mall’s advanced-real-estate-script v4.0.9, where a Cross-Site Request Forgery (CSRF) flaw in edit-profile.php enables unauthorized actions. The CVSS details indicate a high-severity impact (CVSS3 8.0, HIGH; vector: NETWORK, LOW attack complexity, PR: LOW, UI: R...
luzdoislam.com.br Improper Access Control vulnerability
Open Bug Bounty ID: OBB-636444

Description | Value
---|---
Affected Website: | luzdoislam.com.br
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | IAC (Improper Access Control) / CWE-284
CVSSv3 Score: | 6.5...
WordPress User Role Editor Plugin Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress User Role Editor plugin prior to v4.25, is lacking an...
CVE-2018-5652
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php darkmodeend parameter...
CVE-2018-5651
An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php darkmodestart parameter...
WordPress Add Link to Facebook Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in the PHP language; it supports PHP and MySQL servers for setting up a personal blog site. Add Link to Facebook is a plug-in that automatically adds links to Facebook. A cross-site scripting...
CVE-2018-5214
The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fbfacebookid parameter to wp-admin/profile.php...