
16 matches found

Vulnrichment
added 2025/08/28 5:24 a.m. | 0 views

CVE-2024-13807 Xagio SEO <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files

The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract...

CVSS 7.5 | AI score 7 | EPSS 0.00351
Exploits: 0 | References: 3
CVE
added 2024/08/16 6:40 a.m. | 54 views

CVE-2024-7501

CVE-2024-7501 affects the WordPress plugin Download Plugins and Themes in ZIP from Dashboard. The vulnerability is CSRF due to missing/incorrect nonce validation in download_theme(), enabling unauthenticated attackers to cause a forged request to download arbitrary themes. Impact details from con...

CVSS 4.2 | AI score 4.3 | EPSS 0.00161
Exploits: 0 | References: 2
Prion
added 2022/06/09 12:15 a.m. | 17 views

Input validation

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/managesitefiles.php access...

CVSS 9 | AI score 8.6 | EPSS 0.01879
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2022/05/14 1:31 a.m. | 26 views

GHSA-3GQ5-R59M-MMV2 Kirby XSS Vulnerability

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file...

CVSS 4.8 | AI score 4.8 | EPSS 0.00559
Exploits: 1 | References: 3
GitHub Security Blog
added 2022/05/14 1:31 a.m. | 19 views

Kirby XSS Vulnerability

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file...

CVSS 4.8 | AI score 6.4 | EPSS 0.00559
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2021/06/03 11:15 p.m. | 18 views

CVE-2020-36006

AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site...

CVSS 6.5 | EPSS 0.01075
Exploits: 1 | References: 1
CNNVD
added 2020/12/31 12:00 a.m. | 6 views

OpenEMR Cross-Site Request Forgery Vulnerability

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A cross-site request forgery vulnerability exists in OpenEMR version...

CVSS 8.8 | AI score 5.7 | EPSS 0.00609
Exploits: 1 | References: 2
CNVD
added 2018/12/29 12:00 a.m. | 2 views

Kirby Cross-Site Scripting Vulnerability (CNVD-2019-03334)

Kirby is a document-based content management system (CMS). A cross-site scripting vulnerability exists in Kirby version 2.5.12. The vulnerability can be exploited by a remote attacker to upload SVG files using the "site files" Add option...

CVSS 4.8 | AI score 6.4 | EPSS 0.00559
Exploits: 1 | References: 1
OSV
added 2018/12/28 5:29 p.m. | 18 views

CVE-2018-16630

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file...

CVSS 4.8 | AI score 6 | EPSS 0.00559
Exploits: 1 | References: 1
Cvelist
added 2018/12/28 5:00 p.m. | 25 views

CVE-2018-16630

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file...

AI score 4.9 | EPSS 0.00559
Exploits: 1 | References: 1
CNVD
added 2018/12/06 12:00 a.m. | 2 views

HuCart fi***.li***.php file has an arbitrary file deletion vulnerability

HuCart is an open source enterprise building system. An arbitrary file deletion vulnerability exists in the HuCart fi.li.php file; attackers can exploit the vulnerability to delete any file site...

AI score 7
Exploits: 0
CNVD
added 2018/01/15 12:00 a.m. | 2 views

File Read Vulnerability in ZTE Color Ring Business System

ZTE's ringtone system inherits the stable system architecture of the mobile smart network, follows the latest specifications of operators, and provides flexible interfaces and rich new service functions. A file read vulnerability exists in the ZTE Color Ring service system, which can be exploited...

AI score 6.9
Exploits: 0
0day.today
added 2013/09/20 12:00 a.m. | 29 views

OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution

This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the...

AI score 8.7
Exploits: 0
Exploit DB
added 2013/09/20 12:00 a.m. | 21 views

OpenEMR 4.1.1 Patch 14 - SQL Injection / Privilege Escalation / Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "OpenEMR 4.1.1 Pat...

AI score 7.4
Exploits: 0
Packet Storm
added 2013/09/17 12:00 a.m. | 41 views

OpenEMR 4.1.1 Patch 14 SQL Injection / Shell Upload

Exploit Title: OpenEMR 4.1.1 Patch 14 Multiple Vulnerabilities Date: Sep 17 2013 Exploit Author: xistence Vendor Homepage: www.open-emr.org Tested on: CentOS 5.9 32-bit Affected Version : 4.1.1 Patch 14 and lower Fix: Upgrade to OpenEMR 4.1.2 Software details: OpenEMR is a Free and Open Source...

AI score 0.3
Exploits: 0
0day.today
added 2009/03/09 12:00 a.m. | 20 views

CMS S.Builder <= 3.7 Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications. CMS S.Builder = 3.7 Remote File Inclusion Vulnerability. CMS S.Builder = 3.7 RFI Vulnerability Information: Vendor:...

AI score 7.1
Exploits: 0