Lucene search
K

209 matches found

Prion
Prion
added 2023/10/20 7:15 a.m.17 views

Directory traversal

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...

5.8CVSS6.8AI score0.01031EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/20 6:35 a.m.35 views

CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...

9.1CVSS9.1AI score0.01031EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/19 12:0 a.m.55 views

Fedora 38 : moodle (2023-6880309d0e)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6880309d0e advisory. Latest updates Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

9.8CVSS6.1AI score0.0193EPSS
Exploits0References13
NVD
NVD
added 2023/04/18 9:15 p.m.12 views

CVE-2023-28440

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

2.7CVSS3.5AI score0.00688EPSS
Exploits0References1
Prion
Prion
added 2023/04/18 9:15 p.m.20 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

3.3CVSS4AI score0.00688EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/18 8:40 p.m.22 views

CVE-2023-28440 Denial of service via admin theme import route in Discourse

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

2.7CVSS4.3AI score0.00688EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/18 8:40 p.m.8 views

CVE-2023-28440 Denial of service via admin theme import route in Discourse

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

2.7CVSS3.6AI score0.00688EPSS
Exploits0References1
OSV
OSV
added 2023/04/18 8:40 p.m.30 views

CVE-2023-28440 Denial of service via admin theme import route in Discourse

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

2.7CVSS4.5AI score0.00688EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/04/18 12:0 a.m.5 views

PT-2023-21723 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.3 Discourse versions prior to 3.1.0.beta4 Description: Discourse is an open source platform for community discussion. A maliciously crafted request from a Discourse administrator can lead to a long-running...

2.7CVSS3.6AI score0.00688EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.5 views

SUSE CVE-2008-1924

Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...

3.5CVSS6.7AI score0.01626EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.4 views

SUSE CVE-2013-3735

The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service memory consumption and application crash via a crafted function definition, as demonstrated by an atta...

7.5CVSS6.8AI score0.02832EPSS
Exploits1References3
OSV
OSV
added 2021/02/16 4:15 a.m.16 views

CVE-2021-27231

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...

5.4CVSS6.6AI score
Exploits0References4
Prion
Prion
added 2021/02/16 4:15 a.m.11 views

Design/Logic Flaw

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...

5.5CVSS5.3AI score0.01413EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/02/16 3:19 a.m.21 views

CVE-2021-27231

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...

5.6AI score0.01413EPSS
Exploits1References4
CVE
CVE
added 2021/02/16 3:19 a.m.60 views

CVE-2021-27231

CVE-2021-27231 affects Hestia Control Panel 1.3.5 and below in a shared-hosting environment. The vulnerability allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages. The provided documents describe the iss...

5.5CVSS5.2AI score0.01413EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2020/10/06 7:15 p.m.34 views

CVE-2020-15239

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

4CVSS0.01489EPSS
Exploits0References4
Kitploit
Kitploit
added 2020/05/31 9:30 p.m.74 views

Bing-Ip2Hosts - Bingip2Hosts Is A Bing.com Web Scraper That Discovers Websites By IP Address

Bing-ip2hosts is a Bing.com web scraper to discover hostnames by IP address. Description Bing-ip2hosts is a Bing.com web scraper that discovers hostnames by IP address. Bing is the flagship Microsoft search engine formerly known as MSN Search and Live Search. It provides a feature unique to searc...

6.7AI score
Exploits0References6
Kitploit
Kitploit
added 2019/03/29 8:12 p.m.182 views

phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution

phpMussel is an ideal solution for shared hosting environments, where it's often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses,malware and other threats within files uploaded to your system wherever t...

7.2AI score
Exploits0References20
Hacker One
Hacker One
added 2018/08/29 3:43 p.m.19 views

Automattic: Arbitrary File Download as Shopmanager

Due to a flaw in the way WooCommerce handles downloadable products, a shop manager can download arbitrary files on the server. The video shows the exploit and how simple it is: https://www.youtube.com/watch?v=bkrHpqht5SM The function responsible for validating the download file input is the...

7.3AI score
Exploits0
NVD
NVD
added 2018/02/19 7:29 p.m.34 views

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...

6.8CVSS7.7AI score0.04255EPSS
Exploits1References8
Rows per page
Query Builder