1352 matches found

CNVD
added 2019/01/11 12:0 a.m. · 1 views

NEC Aterm W300P Buffer Overflow Vulnerability

The NEC Aterm W300P is a wireless router from Nippon Electric (NEC). A buffer overflow vulnerability exists in the NEC Aterm W300P running firmware version 1.0.13 and earlier, which an attacker can exploit to execute arbitrary code via the 'submit-url' parameter...

7.2 CVSS · 8.1 AI score · 0.018 EPSS
Exploits 0 · References 1
OSV
added 2019/01/09 11:29 p.m. · 3 views

CVE-2018-0633

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter...

7.2 CVSS · 6.1 AI score · 0.018 EPSS
Exploits 0 · References 2
Prion
added 2019/01/09 11:29 p.m. · 13 views

Buffer overflow

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via submit-url parameter...

6.5 CVSS · 7.3 AI score · 0.018 EPSS
Exploits 0 · References 2 · Affected Software 1
CNVD
added 2018/12/24 12:0 a.m. · 1 views

phpipam SQL injection vulnerability (CNVD-2019-43861)

phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A SQL injection vulnerability exists in the /app/admin/nat/item-add-submit.php file in phpIPAM version 1.3.2. An attacker can exploit this vulnerability to obtain information...

9.8 CVSS · 7.9 AI score · 0.01789 EPSS
Exploits 1 · References 1
OSV
added 2018/11/26 7:29 a.m. · 2 views

CVE-2018-19550

Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveyssubmit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI...

8.8 CVSS · 5.8 AI score · 0.05993 EPSS
Exploits 4 · References 2
CNVD
added 2018/11/26 12:0 a.m. · 3 views

Interspire Email Marketer Arbitrary File Upload Vulnerability

BigCommerce Interspire Email Marketer (IEM) is a suite of email marketing software from BigCommerce, USA. A security vulnerability exists in BigCommerce IEM 6.1.6 and earlier versions. The vulnerability can be exploited by an attacker to upload arbitrary files by performing a 'create and submit...

8.8 CVSS · 8.6 AI score · 0.05993 EPSS
Exploits 4 · References 1
exploitpack
added 2018/10/29 12:0 a.m. · 28 views

Open Faculty Evaluation System 5.6 - batch_name SQL Injection

Open Faculty Evaluation System 5.6 - batchname SQL Injection Exploit Title: Open Faculty Evaluation System 5.6 - 'batchname' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://openfacultyeval.sourceforge.io/ Software Link:...

0.1 AI score
Exploits 0
CNVD
added 2018/10/25 12:0 a.m. · 1 views

Stored Cross-Site Scripting Vulnerability in "I want to submit a paper" in the background of Daimi CMS

DAMI CMS is an all-in-one system for building PC and mobile websites. A stored cross-site scripting vulnerability exists in the "I want to submit" section of the backend of Daimi CMS. An attacker can insert malicious JavaScript code into the page to obtain user cookies and other...

6.3 AI score
Exploits 0
Positive Technologies
added 2018/10/01 12:0 a.m. · 4 views

PT-2018-3640 · Wikimedia +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1 Description: The issue is related to a lack of input validation mechanism in MediaWiki, which can be exploited by a remote attacker to impact data integrity. Specifically, when MediaWiki:Mainpage is set to...

7.5 CVSS · 5.1 AI score · 0.01573 EPSS
Exploits 5 · References 52
0day.today
added 2018/08/22 12:0 a.m. · 20 views

Twitter-Clone 1 - userid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable...

0.2 AI score
Exploits 0
Openbugbounty
added 2018/07/29 6:6 p.m. · 7 views

submit-url.ro XSS vulnerability

Open Bug Bounty ID: OBB-655839

| Description | Value |
|---|---|
| Affected Website: | submit-url.ro |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

Exploits 0
OSV
added 2018/06/19 5:29 a.m. · 1 views

DEBIAN-CVE-2018-12564

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...

6.5 CVSS · 6.3 AI score · 0.01504 EPSS
Exploits 0 · References 1
OSV
added 2018/05/26 9:29 p.m. · 4 views

CVE-2018-11501

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...

8.8 CVSS · 5.8 AI score · 0.00634 EPSS
Exploits 1 · References 2
Prion
added 2018/05/26 9:29 p.m. · 17 views

Cross site request forgery (csrf)

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...

6 CVSS · 8.7 AI score · 0.00634 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2018/05/26 9:0 p.m. · 24 views

CVE-2018-11501

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...

8.8 AI score · 0.00634 EPSS
Exploits 1 · References 2
CNVD
added 2018/05/14 12:0 a.m. · 2 views

Kliqqi CMS Cross-Site Scripting Vulnerability

Kliqqi CMS is a content management system (CMS). A cross-site scripting vulnerability exists in Kliqqi CMS version 3.5.2. The vulnerability can be exploited to inject malicious script via a specially crafted group name in the pligg/groups.php file, a specially crafted Homepage string in the profile...

5.4 CVSS · 6.2 AI score · 0.00531 EPSS
Exploits 1 · References 1
Exploit DB
added 2018/05/02 12:0 a.m. · 53 views

Adobe Reader PDF - Client Side Request Injection

% a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 R /Pages...

7.4 AI score
Exploits 0
ATTACKERKB
added 2018/04/22 3:29 p.m. · 1 views

CVE-2017-17889

Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php...

5.4 CVSS · 5.4 AI score · 0.00531 EPSS
Exploits 1 · References 3
OSV
added 2018/04/22 3:29 p.m. · 1 views

CVE-2017-17889

Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, a crafted Homepage string in a profile, or a crafted string in Tags or Description within pligg/submit.php...

5.4 CVSS · 5.8 AI score · 0.00531 EPSS
Exploits 1 · References 1
Openbugbounty
added 2018/03/01 12:16 p.m. · 11 views

oswaalbooks.com XSS vulnerability

Open Bug Bounty ID: OBB-571831

| Description | Value |
|---|---|
| Affected Website: | oswaalbooks.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Disclosure Standard: | Coordinated Disclosure bas... |

6.4 AI score
Exploits 0