Lucene search
K

113 matches found

Veracode
Veracode
added 2019/02/19 6:33 a.m.18 views

Path Traversal

total.js is vulnerable to path traversal attacks. The vulnerability exists in index.js where req.url is insufficiently sanitized, allowing path traversal attacks...

7.5CVSS7.3AI score0.72058EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2018/11/02 12:0 a.m.154 views

qdPM 9.1 SQL Injection

Exploit Title: qdPM 9.1 - 'filterby' SQL Injection Date: 2018-11-01 Exploit Author: Azkan Mustafa AkkuA AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1 Category: Webapps Tested on: XAMPP for...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2018/05/22 12:0 a.m.44 views

Boerse.de Cross SIte Scripting

Exploit Title: Reflected XSS at Boerse DE Date: 22.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.boerse.de Software Link: Website Version: 1.0.0 Tested on: Google Chrome / Mozilla FireFox Reflected XSS Payload : " " " PoC : General : Request URL:...

7.4AI score
Exploits0
OSV
OSV
added 2017/10/11 7:29 p.m.7 views

CVE-2017-14371

RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...

6.1CVSS5.9AI score0.01114EPSS
Exploits1References3
CVE
CVE
added 2017/10/11 7:0 p.m.58 views

CVE-2017-14371

CVE-2017-14371 affects RSA Archer GRC Platform before 6.2.0.5. The issue is a reflected cross-site scripting vulnerability via the request URL, allowing an attacker to cause arbitrary HTML execution in the user’s browser within the affected RSA Archer application. The connected sources corroborat...

6.1CVSS6.3AI score0.01114EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2017/05/25 5:29 p.m.20 views

CVE-2016-2165

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...

6.5CVSS6.4AI score0.00862EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/05/25 5:0 p.m.21 views

CVE-2016-2165

The Loggregator Traffic Controller endpoints in cf-release v231 and lower, Pivotal Elastic Runtime versions prior to 1.5.19 AND 1.6.x versions prior to 1.6.20 are not cleansing request URL paths when they are invalid and are returning them in the 404 response. This could allow malicious scripts t...

6.4AI score0.00862EPSS
Exploits0References1
Veracode
Veracode
added 2016/12/29 5:22 a.m.8 views

Open Redirects

products.cmfquickinstallertool is vulnerable to open redirection. It is possible because it does not verify if the request url is in the portal...

6.7AI score
Exploits0
CNVD
CNVD
added 2015/07/10 12:0 a.m.4 views

Cisco IP Communicator Denial of Service Vulnerability

Cisco IP Communicator is a suite of Windows PC-based softphone applications from Cisco. The program supports access to company phones, voicemail, etc. via a USB headset or USB speakerphone. A security vulnerability exists in Cisco IP Communicator version 8.64. A remote attacker could exploit this...

5CVSS6.7AI score0.02353EPSS
Exploits0References1
securityvulns
securityvulns
added 2012/02/08 12:0 a.m.31 views

curl data injection

Data injection via request URL...

7.5CVSS3.4AI score0.16723EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2009/09/09 5:30 p.m.7 views

CVE-2008-7191

Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service crash via a long request URL...

6.8AI score
Exploits0References2
Prion
Prion
added 2008/11/01 6:0 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

4.3CVSS6.2AI score0.01803EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2008/10/31 11:0 p.m.24 views

CVE-2008-4876

Cross-site scripting XSS vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page...

5.7AI score0.01803EPSS
Exploits0References6
Rows per page
Query Builder