CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be...

4.3CVSS6.9AI score0.00112EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 9:55 a.m.•4 views

CVE-2024-28401

TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting XSS vulnerability in Root Access Control under the Wireless Page...

5.4CVSS6AI score0.00073EPSS

Exploits1References1

OSV•added 2024/03/15 5:15 p.m.•0 views

CVE-2024-28401

TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting XSS vulnerability in Root Access Control under the Wireless Page...

5.4CVSS5.8AI score

Exploits0References2

NVD•added 2024/03/15 5:15 p.m.•8 views

CVE-2024-28401

TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting XSS vulnerability in Root Access Control under the Wireless Page...

5.4CVSS5.8AI score0.00073EPSS

Exploits1References2

CVE•added 2024/03/15 12:0 a.m.•62 views

CVE-2024-28401

TOTOLINK X2000R firmware before v1.0.0-B20231213.1013 contains a Store Cross-site Scripting (XSS) vulnerability in Root Access Control under the Wireless Page. The issue arises from inadequate input validation/escaping of user-supplied data, enabling an attacker to inject arbitrary web script or ...

5.4CVSS6AI score0.00073EPSS

Exploits1References2Affected Software1

Cvelist•added 2024/03/15 12:0 a.m.•15 views

CVE-2024-28401

TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting XSS vulnerability in Root Access Control under the Wireless Page...

6AI score0.00073EPSS

Exploits1References2

Exploit DB•added 2012/07/02 12:0 a.m.•42 views

WANGKONGBAO CNS-1000 UTM IPS-FW - Directory Traversal (Metasploit)

Exploit Title: WANGKONGBAO CNS-1000 and 1100 Network Security Platform UTM Directory Traversal Date: 7/2/2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.wangkongbao.com/products.html Version: CNS-1000 and 1100 The issue is in the /src/acloglogin.php langid and lang parameters...

7.4AI score

Exploits0

Cvelist•added 2009/03/02 7:0 p.m.•16 views

CVE-2008-6387

Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb...

6.3AI score0.05896EPSS

Exploits0References3

NVD•added 2008/12/16 7:7 p.m.•9 views

CVE-2008-5603

ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb...

5CVSS6.3AI score0.05896EPSS

Exploits0References4

Cvelist•added 2006/10/17 5:0 p.m.•14 views

CVE-2006-5316

registroTL stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for /usuarios.dat...

6.3AI score0.05581EPSS

Exploits1References4

securityvulns•added 2001/03/13 12:0 a.m.•251 views

FreeBSD Ports Security Advisory FreeBSD-SA-01:27.cfengine

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:27 Security Advisory FreeBSD, Inc. Topic: cfengine port contains remote root vulnerability Category: ports Module: cfengine Announced: 2001-03-12 Credits: Pekka Savola...

0.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by