
151 matches found

CNVD
added 2018/05/15 12:0 a.m. | 2 views

MyBiz MyProcureNet Arbitrary File Upload Vulnerability

MyBiz MyProcureNet is a procurement process automation solution from MyBiz Solutions Malaysia. A security vulnerability exists in MyBiz MyProcureNet version 5.0.0, which originates from an attacker being able to adjust the 'HiddenFieldControlCustomWhiteListedExtensions' parameter and add arbitrar...

CVSS 9.9 | AI score 7.3 | EPSS 0.03702
Exploits: 1 | References: 1
CNVD
added 2018/04/12 12:0 a.m. | 3 views

SAP Solution Manager Incident Management Work Center Cross-Site Scripting Vulnerability

SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVSS 5.4 | AI score 6.8 | EPSS 0.00968
Exploits: 0 | References: 1
Exploit DB
added 2018/03/20 12:0 a.m. | 37 views

Vehicle Sales Management System - Multiple Vulnerabilities

Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...

CVSS 9.8 | AI score 7 | EPSS 0.02167
Exploits: 4
OSV
added 2018/03/13 7:29 p.m. | 2 views

CVE-2017-16251

A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST request. Successful exploit could allow an attacker to execute arbitrary code within the context of th...

CVSS 8.8 | AI score 6.1 | EPSS 0.01787
Exploits: 0 | References: 1
CNVD
added 2018/02/22 12:0 a.m. | 1 view

File Renaming Vulnerability in CMS Made Simple v2.2.5

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engines. A file renaming vulnerability exists in CMS Made Simple v2.2.5 due to the system failing to effectively filter input parameters. An attacker can exploit this vulnerability to...

AI score 7.1
Exploits: 0
ATTACKERKB
added 2017/08/14 4:29 p.m. | 2 views

CVE-2017-9655

A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a...

CVSS 5.4 | AI score 5.5 | EPSS 0.00909
Exploits: 0 | References: 4
OSV
added 2017/08/14 4:29 p.m. | 2 views

CVE-2017-9655

A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker may be able to upload a malicious script that attempts to redirect users to a...

CVSS 5.4 | AI score 5.8 | EPSS 0.00909
Exploits: 0 | References: 3
CNVD
added 2017/08/02 12:0 a.m. | 1 view

Multiple vulnerabilities in phpcms V9 front and backend

PHPCMS is a web content management system based on PHP and Mysql architecture. PHPCMS V9.6.3 backend has a reflective XSS and SQL injection vulnerability that can bypass the CSRF defense and upload any script file under certain conditions...

AI score 7.8
Exploits: 0
CNVD
added 2017/07/06 12:0 a.m. | 1 view

XIAOcms website builder system has file inclusion vulnerability

XiaoCms Enterprise Building Edition is based on a PHP+Mysql architecture. It is a small, flexible, simple and easy-to-use lightweight cms. A file inclusion vulnerability exists in the XIAOcms website builder system. An attacker can exploit this vulnerability to upload script files...

AI score 7
Exploits: 0
Prion
added 2017/06/16 1:29 p.m. | 11 views

Arbitrary file deletion

KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to...

CVSS 7.5 | AI score 7.2 | EPSS 0.04289
Exploits: 4 | References: 1 | Affected Software: 1
CNVD
added 2017/03/27 12:0 a.m. | 2 views

NetIQ Access Manager Remote Code Execution Vulnerability

NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. A remote code execution vulnerability exists in NetIQ Access Manager. The vulnerability is caused due to the iManager Certificate Server Management module allowing administrators to create...

CVSS 8.8 | AI score 8.3 | EPSS 0.01114
Exploits: 0 | References: 1
CNVD
added 2016/09/21 12:0 a.m. | 1 view

File Upload Vulnerability in UFIDA Financials

UFIDA Financials is a financial management software. A file upload vulnerability exists in UFIDA Financial System. Vulnerability payload: http://target/TaskManager/EBankTaskServlet?m=1&taskjson=cnvdtest&taskname=... /... /R9iPortal/upload/cnvd.jsp%00&optionType=create Submitting the above request...

AI score 7.3
Exploits: 0 | References: 1
CNVD
added 2016/07/11 12:0 a.m. | 1 view

Xiangtan Times Information Technology Co., Ltd. website building system has arbitrary file upload vulnerability

Xiangtan Times Information Technology Co., Ltd. is an IT application service company, providing IT application services and e-commerce solutions. Xiangtan Times Information Technology Co., Ltd. website building system has an arbitrary file upload vulnerability, which can upload script files to...

AI score 7.1
Exploits: 0 | References: 1
seebug.org
added 2015/08/28 12:0 a.m. | 36 views

D-Link Cookie Command Execution

This module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This module has been successfully tested ...

AI score 8.2
Exploits: 0
CNVD
added 2015/05/12 12:0 a.m. | 1 view

National Center for Digital Learning Resources cms system has script upload vulnerability

The script upload vulnerability in the National Center for Digital Learning Resources cms system arises, in fact, because the remote download did not change the name of the...

AI score 7.2
Exploits: 0
CNVD
added 2015/04/03 12:0 a.m. | 3 views

Johnson Controls Metasys Unlimited File Upload Vulnerability

Johnson Controls Metasys is a building automation system from Johnson Controls. The system can be networked with weak electronic systems such as fire and security through a variety of open protocols or standard interfaces to provide system integrity for secure access. An unrestricted file upload...

CVSS 10 | AI score 8 | EPSS 0.03946
Exploits: 0 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Vacation Rental Script 4.0 - Arbitrary File Upload Vulnerability

No description provided by source. Script Name: Vacation Rental Script = 4.0 Site: http://www.vacationrentalscript.com/ Bug: Upload Shell Found: Br0ly google dork: 2006 - 2009 Vacation Rental Script BraZIL!! You need to register an account first so: Signup: http://server/signup Check your email for...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

cPanel < 11.25 CSRF - Add User php Script

No description provided by source. Exploit Title: cPanel 11.25 CSRF - Add php script Date: 27.05.2011 Author: ninjashell Software Link: http://cpanel.net Version: 11.25 see details below Tested on: Linux CVE : N/A I. Introduction cPanel versions below and excluding 11.25 , are vulnerable to CSRF...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 11 views

JSBoard 2.0.x Remote Arbitrary Script Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11983/info JSBoard is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. If...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

MediaWiki 1.3.x Remote Arbitrary Script Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11985/info MediaWiki is reported prone to a vulnerability that can allow a remote attacker to upload arbitrary PHP scripts to a vulnerable server. This issue results from insufficient sanitization of user-supplied input. ...

AI score 7.1
Exploits: 0