Lucene search
K

55 matches found

Prion
Prion
added 2015/07/08 4:59 p.m.23 views

Directory traversal

Directory traversal vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.2.5 for WordPress allows remote attackers to create arbitrary files via a .. dot dot in the mapid parameter...

5CVSS7.3AI score0.105EPSS
Exploits3References5Affected Software1
Packet Storm
Packet Storm
added 2015/06/19 12:0 a.m.30 views

ZTE ZXV10 W300 3.1.0c_DR0 UI Session Delete

Document Title: =============== ZTE ZXV10 W300 v3.1.0cDR0 - UI Session Delete Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1522 Release Date: ============= 2015-06-16 Vulnerability Laboratory ID VL-ID: ===================================...

7.4AI score
Exploits0
NVD
NVD
added 2015/04/18 2:0 a.m.19 views

CVE-2015-0967

Multiple cross-site scripting XSS vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via 1 the search field in plugin/index.html or 2 the title field in the Create Featured Result form in admin/main.jsp...

4.3CVSS5.8AI score0.01287EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/05/23 2:0 p.m.27 views

CVE-2014-3848

The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4wdbinfo parameter...

6.7AI score0.09149EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2014/01/08 12:0 a.m.14 views

TYPO3 mailforms Unspecified Arbitrary Mail Relay Vulnerability

TYPO3 is prone to arbitrary mail relay vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...

7.4AI score
Exploits0References1
NVD
NVD
added 2013/08/09 9:55 p.m.23 views

CVE-2013-4620

Cross-site scripting XSS vulnerability in interface/main/onotes/officecommentsfull.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter...

4.3CVSS5.7AI score0.03282EPSS
Exploits1References4
NVD
NVD
added 2013/08/02 12:10 p.m.20 views

CVE-2013-4165

The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-channel attack...

4.3CVSS6.4AI score0.02278EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/02/08 2:0 a.m.23 views

CVE-2012-4700

Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document...

7.6AI score0.03769EPSS
Exploits0References2
NVD
NVD
added 2012/10/03 11:2 a.m.21 views

CVE-2012-3552

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service slab corruption and system crash by sending packets to an application that sets socket options during the handling of network traffic...

7.1CVSS5.5AI score0.0285EPSS
Exploits0References6
Prion
Prion
added 2012/08/14 10:55 p.m.23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 "user names in page titles" and 2 "autocomplete callbacks."...

4.3CVSS6AI score0.02443EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2012/07/17 11:55 p.m.19 views

CVE-2012-3124

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL...

5CVSS6.1AI score0.01735EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2012/07/05 12:0 a.m.27 views

CLscript CMS 3.0 SQL Injection / Cross Site Scripting

Title: ====== CLscript CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-05-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=574 VL-ID: ===== 574 Common Vulnerability Scoring System: ==================================== 8.6 Introduction: ============= With the...

0.3AI score
Exploits0
Prion
Prion
added 2012/01/18 8:55 p.m.33 views

Null pointer dereference

The tidydiagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153...

5CVSS6.8AI score0.122EPSS
Exploits11References6Affected Software1
NVD
NVD
added 2011/12/22 8:55 p.m.18 views

CVE-2011-3990

Cross-site scripting XSS vulnerability in plugin/comment.inc.php in PukiWiki Plus! 1.4.7plus-u2-i18n and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01135EPSS
Exploits0References3
NVD
NVD
added 2011/09/23 11:55 p.m.12 views

CVE-2011-3749

ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files...

5CVSS6.1AI score0.01229EPSS
Exploits0References3
Cvelist
Cvelist
added 2011/07/21 12:0 a.m.27 views

CVE-2011-2275

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors...

6AI score0.00979EPSS
Exploits0References2
NVD
NVD
added 2011/05/09 10:55 p.m.9 views

CVE-2011-1574

Stack-based buffer overflow in the ReadS3M method in loads3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file...

6.8CVSS7.6AI score0.42941EPSS
Exploits8References15
Cvelist
Cvelist
added 2011/03/07 8:0 p.m.22 views

CVE-2011-0436

The registeruser function in client/newaccountform.php in Domain Technologie Control DTC before 0.32.9 includes a cleartext password in an e-mail message, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

6AI score0.01854EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2010/08/30 7:0 p.m.30 views

CVE-2010-2940

The authsend function in providers/ldap/ldapauth.c in System Security Services Daemon SSSD 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pamauthenticate via an empty password...

5.1CVSS6.7AI score0.02023EPSS
Exploits0
Cvelist
Cvelist
added 2010/02/23 8:0 p.m.34 views

CVE-2010-0700

Cross-site scripting XSS vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

5.6AI score0.01734EPSS
Exploits4References6
Rows per page
Query Builder