Lucene search

164 matches found

CNNVD
added 2021/10/29 12:0 a.m. | 4 views

Online Reviewer System Code Issue Vulnerability

Online Reviewer System is a software application. An online reviewer system. A security vulnerability exists in Sourcecodester Online Reviewer System version 2.0, which allows an attacker to bypass the image upload filter and upload a maliciously crafted PHP file...

9.8 CVSS | 8.4 AI score | 0.02372 EPSS
Exploits 1 | References 2
CNNVD
added 2021/09/15 12:0 a.m. | 4 views

FeehiCMS Code Issue Vulnerability

FeehiCMS is a PHP-based CMS builder. FeehiCMS v2.0.8 and previous versions have a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted PHP file...

9.8 CVSS | 6.2 AI score | 0.01724 EPSS
Exploits 1 | References 2
NVD
added 2021/08/25 10:15 p.m. | 23 views

CVE-2021-37334

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...

9.8 CVSS | 0.02744 EPSS
Exploits 0 | References 2
OSV
added 2021/07/23 8:15 p.m. | 2 views

CVE-2021-25809

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache function in top.php...

5.3 CVSS | 5.8 AI score | 0.00934 EPSS
Exploits 1 | References 1
NVD
added 2021/06/28 5:15 p.m. | 34 views

CVE-2021-35523

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file tha...

7.8 CVSS | 0.00707 EPSS
Exploits 3 | References 4
Prion
added 2021/06/28 5:15 p.m. | 17 views

Design/Logic Flaw

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file tha...

7.2 CVSS | 7.6 AI score | 0.00707 EPSS
Exploits 3 | References 4 | Affected Software 1
Cvelist
added 2021/06/28 4:51 p.m. | 34 views

CVE-2021-35523

Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enables local privilege escalation to NT AUTHORITY\SYSTEM. A non-privileged local user can modify the OpenVPN configuration stored under "%APPDATA%\Securepoint SSL VPN" and add an external script file tha...

7.8 AI score | 0.00707 EPSS
Exploits 3 | References 4
NVD
added 2020/12/17 4:15 a.m. | 19 views

CVE-2020-25010

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an...

9.8 CVSS | 9.7 AI score | 0.02423 EPSS
Exploits 0 | References 2
Japan Vulnerability Notes
added 2020/08/31 5:41 a.m. | 2 views

"Shadankun Server Security Type" vulnerable to denial-of-service (DoS)

Overview: "Shadankun Server Security Type" provided by Cyber Security Cloud, Inc. contains a denial-of-service (DoS) vulnerability. When "Rule id"s assigned by the product's internal script overlap, it would not be able to add newly detected attack source IP addresses as the blocking targets CWE-70...

7.5 CVSS | 6.7 AI score | 0.01296 EPSS
Exploits 0 | References 5
CNVD
added 2020/03/09 12:0 a.m. | 2 views

PHPGurukul Online Book Store Unauthenticated File Upload Vulnerability

PHPGurukul Online Book Store is a simple online web store made with PHP, MySQL and Bootstrap. An unauthenticated file upload vulnerability exists in adminadd.php in PHPGurukul Online Book Store 1.0. An unauthenticated remote attacker could use this vulnerability to upload content, including PHP...

9.8 CVSS | 7.5 AI score | 0.05474 EPSS
Exploits 1 | References 1
Kitploit
added 2019/12/15 8:30 p.m. | 242 views

Nginx Log Check - Nginx Log Security Analysis Script

Nginx Log Security Analysis Script. Features: Statistics Top 20 Address; SQL injection analysis; Scanner alert analysis; Exploit detection; Sensitive path access; File contains attack; Webshell; Find URLs with response length Top 20; Looking for rare script file access; Find script file for 302 redirect. Usa...

8.4 AI score
Exploits 0 | References 1
CNVD
added 2019/10/28 12:0 a.m. | 1 views

SQL injection vulnerability in ad***_to***.php file pi*** parameter in seacms backend

seacms (Ocean Film and Television Management System, Ocean CMS) is a video-on-demand system built on PHP and MySQL. A SQL injection vulnerability exists in the pi parameter of the adto.php file in the seacms backend; attackers can use the vulnerability to obtain sensitive information...

8 AI score
Exploits 0
CVE
added 2019/07/14 5:5 p.m. | 144 views

CVE-2019-13597

CVE-2019-13597 affects Tyto Software Sahi Pro 8.0.0. The vulnerability is in s/sprm/s/dyn/Player_setScriptFile, which allows remote command execution via the _execute() function. An attacker could run ".sah" scripts through the Sahi Launcher or create new scripts with an editor, enabling server...

9.8 CVSS | 9.6 AI score | 0.14349 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2019/07/14 5:5 p.m. | 21 views

CVE-2019-13597

s/sprm/s/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the execute function...

9.8 AI score | 0.14349 EPSS
Exploits 1 | References 2
CNVD
added 2019/07/10 12:0 a.m. | 1 views

SQL injection vulnerability in ad***/sa***.php file of zzzcms V1.7.1 version

zzcms is a website building system developed in the ASP language. A SQL injection vulnerability exists in the ad/sa.php file of zzzcms V1.7.1; attackers can use the vulnerability to obtain sensitive information...

7.8 AI score
Exploits 0
Prion
added 2019/05/13 2:29 p.m. | 17 views

Command injection

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnable parameters are saved in the ShellPath script file without...

7.5 CVSS | 9.8 AI score | 0.41606 EPSS
Exploits 2 | References 1 | Affected Software 1
OSV
added 2019/04/22 11:29 a.m. | 4 views

CVE-2019-11448

An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a PopupSLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file...

9.8 CVSS | 7.5 AI score | 0.12428 EPSS
Exploits 1 | References 4
exploitpack
added 2019/04/18 12:0 a.m. | 36 views

ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution (Metasploit)

ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module...

0.6 AI score
Exploits 0
CNVD
added 2018/12/26 12:0 a.m. | 2 views

S-CMS SQL Injection Vulnerability (CNVD-2018-26678)

S-CMS is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in S-CMS version 1.0, which can be exploited by remote attackers to execute SQL commands by sending the 'Pid' parameter to the js/pic.php file...

9.8 CVSS | 8.5 AI score | 0.01135 EPSS
Exploits 1 | References 1
CNVD
added 2018/11/15 12:0 a.m. | 3 views

Microsoft SharePoint Enterprise Server Information Disclosure Vulnerability

Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An...

4.3 CVSS | 4.8 AI score | 0.04836 EPSS
Exploits 0 | References 1