CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2018/02/06 12:0 a.m.•33 views

Atlassian Jira < 4.1.1 Multiple Vulnerabilities

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 4.1.1. It is, therefore, potentially affected by multiple vulnerabilities : - Remote authenticated attackers can exploit the privilege-escalation issue to gain SYSTEM-level...

9CVSS6AI score0.04846EPSS

Exploits0References4

OpenVAS•added 2018/01/19 12:0 a.m.•39 views

PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

6.1CVSS7.7AI score0.89192EPSS

Exploits1References4

Prion•added 2018/01/18 6:29 a.m.•17 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet PoE and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attac...

4.3CVSS6AI score0.0012EPSS

Exploits0References2

Prion•added 2018/01/18 6:29 a.m.•15 views

Input validation

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...

5.8CVSS6.6AI score0.00242EPSS

Exploits0References1Affected Software85

Prion•added 2018/01/18 6:29 a.m.•13 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

4.3CVSS6AI score0.00232EPSS

Cvelist•added 2018/01/18 6:0 a.m.•17 views

CVE-2018-0091

6AI score0.00232EPSS

Cvelist•added 2018/01/18 6:0 a.m.•13 views

CVE-2017-12308

6.6AI score0.00242EPSS

Cisco•added 2018/01/17 4:0 p.m.•36 views

Cisco WAP150 Wireless Cross-Site Scripting Vulnerability

6.1CVSS1.6AI score0.0012EPSS

Cisco•added 2018/01/17 4:0 p.m.•28 views

Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability

6.1CVSS1.7AI score0.00232EPSS

Broadcom•added 2018/01/17 12:0 a.m.•22 views

BSA-2018-525

Security Advisory ID : BSA-2018-525 Component : Fabric OS Web GUI Revision : 1.0: Initial XSS vulnerabilities in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow remote unauthenticated attackers to execute arbitrary script code in...

6.1CVSS7.7AI score0.00384EPSS

Tenable Nessus•added 2018/01/12 12:0 a.m.•449 views

PHP 7.0.x < 7.0.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

7.5CVSS7.1AI score0.89192EPSS

Exploits2References4

Tenable Nessus•added 2018/01/12 12:0 a.m.•448 views

PHP 5.6.x < 5.6.33 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - A potential infinite loop in gdImageCreateFromGifCtx. CVE-2018-5711 - A reflected XSS in .phar 404 page exists due to improper validati...

6.1CVSS7AI score0.89192EPSS

Exploits1References3

NVD•added 2018/01/11 9:29 a.m.•9 views

CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1CVSS6.1AI score0.00451EPSS

Vulnrichment•added 2018/01/11 9:0 a.m.•6 views

CVE-2018-0118

6AI score0.00451EPSS

Cisco•added 2018/01/10 4:0 p.m.•55 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

6.1CVSS2AI score0.00451EPSS

seebug.org•added 2017/12/29 12:0 a.m.•23 views

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...

6.8AI score

seebug.org•added 2017/12/29 12:0 a.m.•66 views

ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability

Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...

7.5AI score

0day.today•added 2017/12/21 12:0 a.m.•22 views

WordPress WebConnex Form Management 1.6.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable WebConnex Form Management 1.6.3 WebConnex Form Management is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...

7.1AI score