114 matches found

Nuclei
added 18 hours ago | 36 views

WordPress Plugin WP Content Source Control - Directory Traversal

A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. id: CVE-2014-5368 inf...

CVSS 5 | AI score 7.4 | EPSS 0.18817
Exploits 1 | References 5

Nuclei
added 18 hours ago | 59 views

AudioCodes Device Manager Express - SQL Injection

An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the processlogin.php login form. id: CVE-2022-24627 info: name: AudioCodes Device Manager Express - SQL Injection author: geeknik severity: critical...

CVSS 9.8 | AI score 7.2 | EPSS 0.26389
Exploits 4 | References 3

Nuclei
added 18 hours ago | 28 views

ILIAS eLearning <7.16 - Open Redirect

ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-45917 info: name: ILIAS eLearning 7.16 - Open Redirect author:...

CVSS 6.1 | AI score 6.3 | EPSS 0.0199
Exploits 3 | References 5

Nuclei
added 18 hours ago | 34 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

CVSS 6.1 | AI score 6.3 | EPSS 0.03313
Exploits 3 | References 5

Nuclei
added 18 hours ago | 25 views

Cyberoam NetGenie Cross-Site Scripting

Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 are susceptible to reflected cross-site scripting via the 'u' parameter of ft.php. id: CVE-2021-38702 info: name: Cyberoam NetGenie Cross-Site Scripting author: geeknik severity: medium description: Cyberoam NetGenie...

CVSS 6.1 | AI score 6.3 | EPSS 0.06929
Exploits 2 | References 5

Nuclei
added 18 hours ago | 39 views

SINEMA Remote Connect Server < V2.0 - Open Redirect

A vulnerability has been identified in SINEMA Remote Connect Server (all versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link, thereby leading to phishing attacks. id: CVE-2022-23102...

CVSS 6.1 | AI score 6.3 | EPSS 0.05265
Exploits 2 | References 5

Nuclei
added 18 hours ago | 40 views

Cisco Small Business RV Series - OS Command Injection

Cisco Small Business RV Series routers RV16X/RV26X versions 1.0.01.02 and before and RV34X versions 1.0.03.20 and before contain multiple OS command injection vulnerabilities in the web-based management interface. A remote attacker can execute arbitrary OS commands via the sessionid cookie or...

CVSS 9.8 | AI score 7 | EPSS 0.72472
Exploits 8 | References 5

Nuclei
added 18 hours ago | 38 views

WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting

A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. id: CVE-2013-4625 info: name: WordPress Plugin Duplicator 0.4.5 - Cross-Site Scripting...

CVSS 4.3 | AI score 6 | EPSS 0.11102
Exploits 2 | References 5

Nuclei
added 18 hours ago | 25 views

WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting

A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. id: CVE-2013-4117 info: name: WordPress Plugin Category Grid View Gallery 2.3.1 -...

CVSS 4.3 | AI score 6 | EPSS 0.12974
Exploits 0 | References 5

Nuclei
added 18 hours ago | 24 views

BlogEngine.NET 3.3.7.0 - Local File Inclusion

BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter id: CVE-2019-10717 info: name: BlogEngine.NET 3.3.7.0 - Local File Inclusion author: arafatansari severity: high description: | BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the pa...

CVSS 7.1 | AI score 7 | EPSS 0.05399
Exploits 5 | References 5

Nuclei
added 18 hours ago | 39 views

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...

CVSS 6.1 | AI score 6.3 | EPSS 0.20457
Exploits 3 | References 5

Nuclei
added 18 hours ago | 58 views

Allied Telesis AT-GS950/8 - Local File Inclusion

Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface. id: CVE-2019-18922 info: name: Allied Telesis AT-GS950/8 - Local File Inclusion author: 0xAkoko severity: high description: | Allied Telesis AT-GS950/8 until Firmware AT-S107...

CVSS 7.8 | AI score 7.1 | EPSS 0.24742
Exploits 2 | References 5

Nuclei
added 18 hours ago | 33 views

WordPress GraceMedia Media Player 1.0 - Local File Inclusion

WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter. id: CVE-2019-9618 info: name: WordPress GraceMedia Media Player 1.0 - Local File Inclusion author: daffainfo severity: critical description: WordPress GraceMedia Media Player plugin 1.0 is...

CVSS 9.8 | AI score 7.2 | EPSS 0.40771
Exploits 5 | References 5

Nuclei
added 18 hours ago | 63 views

vBulletin 5.5.4 - 5.6.2 - Remote Command Execution

vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. id: CVE-2020-17496 info: name: vBulletin 5.5.4 - 5.6.2- Remote Comman...

CVSS 9.8 | AI score 7.6 | EPSS 0.8774
Exploits 2 | References 5

Nuclei
added 18 hours ago | 96 views

Cute Editor for ASP.NET 6.4 - Cross-Site Scripting

Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

CVSS 6.1 | AI score 6.4 | EPSS 0.02932
Exploits 1 | References 3

Nuclei
added 18 hours ago | 18 views

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advancedcomponentsystem/index.php?ACSpath=..%2f URI. id: CVE-2020-35598 info: name: Advanced Comment System 1.0 - Local File Inclusion author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affect...

CVSS 7.5 | AI score 7 | EPSS 0.21
Exploits 2 | References 5

Nuclei
added 18 hours ago | 22 views

SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting

SIS Informatik REWE GO SP17 before 7.7 contains a cross-site scripting vulnerability via rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewegocheck.php (version and all other parameters). id: CVE-2021-31537 info: name: SIS Informatik REWE ...

CVSS 6.1 | AI score 6.3 | EPSS 0.07781
Exploits 3 | References 5

Nuclei
added 18 hours ago | 51 views

Open Redirect in Host Authorization Middleware

Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. id: CVE-2021-44528 info: name: Open Redirect in Host Authorization Middleware author: geeknik...

CVSS 6.1 | AI score 6.6 | EPSS 0.04182
Exploits 0 | References 5

Nuclei
added 18 hours ago | 24 views

WordPress StageShow <5.0.9 - Open Redirect

WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshowredirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. id: CVE-2015-5461 info: name:...

CVSS 6.4 | AI score 6.1 | EPSS 0.06283
Exploits 2 | References 5

Nuclei
added 18 hours ago | 16 views

WordPress DZS-VideoGallery Plugin Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. id: CVE-2014-9094 info: name: WordPress...

CVSS 4.3 | AI score 6 | EPSS 0.07309
Exploits 0 | References 5