673 matches found

Cvelist
added 2020/07/07 1:15 p.m. · 24 views

CVE-2020-15573

SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulnerability," aka Case Numbers 00041778 and 00306421...

AI score: 6.3 · EPSS: 0.01505
Exploits: 0 · References: 1

BDU FSTEC
added 2020/06/26 12:00 a.m. · 3 views

The vulnerability of the VBScript script handler in Internet Explorer allows a hacker to execute arbitrary code.

The vulnerability of VBScript script handlers in Internet Explorer is related to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 7.6 · AI score: 7.9 · EPSS: 0.07175
Exploits: 1 · References: 2 · Affected Software: 1

CNVD
added 2020/05/06 12:00 a.m. · 5 views

BCH public chain OP_CHECKDATASIG suffers from a logic flaw vulnerability

The attack payload is a precisely constructed P2SH Transaction that utilizes the OP_CHECKDATASIG opcode introduced by the BCH upgrade last November. The attack payload has a SigOP count of 1334 * 15 = 20010, and this attack payload TX is rejected by the node with an error of too many sigops, which i...

AI score: 6.8
Exploits: 0

OSV
added 2020/04/16 7:15 p.m. · 3 views

CVE-2019-20714

Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, DM200 before 1.0.0.58, R7500v2 before 1.0.3.40, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.22, RBR20 before 2.3.0.22,...

CVSS: 4.8 · AI score: 5.8 · EPSS: 0.00606
Exploits: 0 · References: 1

CNVD
added 2020/03/23 12:00 a.m. · 2 views

SQL injection vulnerability in news****.php of website building system of Chaozhou Weipai Network Technology Co.

Chaozhou Weipai Network Technology Co., Ltd. focuses on micro-platform planning and development, building on the WeChat public platform and open platform to offer a customized micro-platform that combines display, interaction, sharing, promotion and sales. Chaozhou City Weipai Network Technology Co., Ltd...

AI score: 8
Exploits: 0

CNVD
added 2020/03/20 12:00 a.m. · 2 views

SQL injection vulnerability in the ab***.php page bi*** parameter of the website building system of Hefei Yilang Network Technology Co.

Hefei Yilang Network Technology Co., Ltd. is a company specializing in Internet technology services, development and application. The ab***.php page of the Hefei Yilang Network Technology Co., Ltd. website building system has an SQL injection vulnerability in the bi*** parameter; an attacker can use the...

AI score: 7.8
Exploits: 0

CNVD
added 2020/03/16 12:00 a.m. · 2 views

Chadha PHPKB OS Command Injection Vulnerability

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. An OS command injection vulnerability exists in export.php in Chadha PHPKB Standard Multi-Language 9. A remote attacker can exploit...

CVSS: 7.2 · AI score: 8.2 · EPSS: 0.04326
Exploits: 1 · References: 1

Prion
added 2020/01/30 9:15 p.m. · 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a (1) tag name to the Shortlog table in templates/shortlog.php or branch name to the (2) Shortlog table in templates/shortlog.php or (3) Heads table in...

CVSS: 4.3 · AI score: 5.9 · EPSS: 0.03955
Exploits: 6 · References: 4 · Affected Software: 1

Hacker One
added 2020/01/28 11:44 a.m. · 192 views

Insolar: XDSI(Cross Domain Script Inclusion)

Summary: As I did not get the proper CWE id over id to add but the proper CWE id is 829: The page includes one or more script files from a third-party domain. Here you are including in your website, someone else's code; You don't have any control over what is in that code, and you don't have any...

AI score: 6.7
Exploits: 0

Tenable Nessus
added 2020/01/13 12:00 a.m. · 39 views

EulerOS Virtualization for ARM 64 3.0.5.0 : patch (EulerOS-SA-2020-1065)

According to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch fil...

CVSS: 9.3 · AI score: 7.5 · EPSS: 0.0556
Exploits: 1 · References: 3

Exploit DB
added 2019/12/30 12:00 a.m. · 632 views

elearning-script 1.0 - Authentication Bypass

Exploit Title: elearning-script 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-29 Vendor Homepage: https://github.com/amitkolloldey/elearning-script Software Link: https://github.com/amitkolloldey/elearning-script/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Description: E...

AI score: 7.4
Exploits: 0

CNVD
added 2019/10/28 12:00 a.m. · 2 views

SQL injection vulnerability in in***.php page of S-CMS government website builder system

The S-CMS government website builder system is a dedicated government website building solution developed by Zibo Shining Network Technology Co., Ltd. The in***.php page of the S-CMS government website builder system has an SQL injection vulnerability, which attackers can use to obtain...

AI score: 7.8
Exploits: 0

CNVD
added 2019/03/21 12:00 a.m. · 2 views

PHP Scripts Mall Advance B2B Script Directory Traversal Vulnerability

PHP Scripts Mall Advance B2B Script is a set of PHP-based scripts for B2B business-to-business trading websites. PHP Scripts Mall Advance B2B Script 2.1.4 suffers from a directory traversal vulnerability, which can be exploited to achieve directory traversal by directly requesting an image...

CVSS: 4.3 · AI score: 7.1 · EPSS: 0.01346
Exploits: 1 · References: 1

OSV
added 2018/12/04 5:29 p.m. · 3 views

CVE-2018-12308

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00586
Exploits: 1 · References: 1

CNVD
added 2018/11/02 12:00 a.m. · 3 views

MiniCMS Arbitrary PHP Code Execution Vulnerability

MiniCMS is a micro content management system designed for personal websites. An arbitrary PHP code execution vulnerability exists in MiniCMS 1.10. An attacker can exploit this vulnerability to execute arbitrary PHP code via the install.php sitename parameter...

CVSS: 9.8 · AI score: 9.8 · EPSS: 0.0258
Exploits: 1 · References: 1

Positive Technologies
added 2018/10/16 12:00 a.m. · 7 views

PT-2018-14397 · Alchemycms · Alchemycms

Name of the Vulnerable Software and Affected Versions: AlchemyCMS version 4.1.0 Description: A Stored XSS issue has been found in AlchemyCMS via the "/admin/pictures" image field. The vendor disputes the validity of this report, stating that the researcher used an authorized cookie to access a...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.01691
Exploits: 2 · References: 10

CNVD
added 2018/08/21 12:00 a.m. · 4 views

LibreHealthIO LH-EHR Arbitrary File Write Vulnerability (CNVD-2019-21231)

LibreHealthIO LH-EHR is an open source electronic health record and medical practice management application. An arbitrary file write vulnerability exists in the letter.php file in the LibreHealthIO LH-EHR REL-2.0.0 release, which can be exploited to write a file with malicious content and...

CVSS: 8.8 · AI score: 8.9 · EPSS: 0.02797
Exploits: 1 · References: 1

OSV
added 2018/08/09 7:29 p.m. · 5 views

CVE-2018-15182

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00545
Exploits: 1 · References: 1

CVE
added 2018/06/11 9:00 p.m. · 111 views

CVE-2018-5110

This CVE (CVE-2018-5110) affects Firefox on macOS (OS X) prior to version 58. The issue occurs when cursor visibility is toggled by script from 'none' to an image and back, rendering the cursor temporarily invisible. The description does not specify the exact root cause beyond this behavior, nor ...

CVSS: 5.3 · AI score: 6.2 · EPSS: 0.01471
Exploits: 0 · References: 4 · Affected Software: 1

Prion
added 2018/05/31 6:29 p.m. · 17 views

Directory traversal

The 'checksum' parameter of the '/common/downloadattachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script...

CVSS: 4 · AI score: 7.2 · EPSS: 0.06483
Exploits: 3 · References: 1 · Affected Software: 1