Lucene search
K

60 matches found

Prion
Prion
added 2022/02/21 11:15 a.m.21 views

Cross site request forgery (csrf)

The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack...

4.3CVSS4.7AI score0.00464EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2022/01/24 12:0 a.m.157 views

Coming soon and Maintenance mode < 3.6.8 - Arbitrary Email Sending to Subscribed Users via CSRF

The plugin does not have CSRF check in its comingsoonsendmail AJAX action, allowing attackers to make logged in admin to send arbitrary emails to all subscribed users via a CSRF attack fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...

4.3CVSS1.1AI score0.00464EPSS
Exploits2References1
CNVD
CNVD
added 2020/05/18 12:0 a.m.5 views

WordPress Unauthorized Operation Vulnerability (CNVD-2020-29838)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Ultimate Addons for Elementor is an extension plugin that uses one of the Elementor page builder plugins. A security vulnerability exis...

7.2CVSS6.6AI score0.02307EPSS
Exploits0
Veracode
Veracode
added 2020/04/10 12:53 a.m.24 views

Cross-site Scripting (XSS)

mailman is vulnerable to cross-site scripting XSS. The vulnerability exists as multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of...

4.3CVSS1.9AI score0.04248EPSS
Exploits0References35Affected Software1
Hacker One
Hacker One
added 2019/09/27 5:49 p.m.19 views

Mail.ru: Information Disclosure [ https://curious.ru/api/submissions ]

API endpoint at curious.ru disclosed e-mails of subscribed users...

0.2AI score
Exploits0
CNVD
CNVD
added 2019/09/11 12:0 a.m.2 views

Unauthorized Access Vulnerability in AliCloud IoT Platform

AliCloud IoT Platform is a cloud service platform for the IoT field, which communicates through mainstream IoT protocols e.g., MQTT, allowing IoT projects to be built between smart devices and the cloud. An unauthorized access vulnerability exists in the AliCloud IoT platform, which can be...

6.8AI score
Exploits0
CNVD
CNVD
added 2018/12/17 12:0 a.m.2 views

WordPress WP Maintenance Mode Plugin Information Disclosure Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WP Maintenance Mode Plugin is used in one of the site maintenance page settings plugin. An information disclosu...

4.3CVSS6.1AI score0.00978EPSS
Exploits0References1
CNVD
CNVD
added 2018/10/19 12:0 a.m.3 views

Juniper Junos OS Denial of Service Vulnerability (CNVD-2018-21801)

Juniper Junos OS is a Juniper Networks network operating system designed for the company's hardware systems. The OS provides a secure programming interface and the Junos SDK. A denial of service vulnerability exists in Juniper Junos OS, which arises from the program's failure to restrict the IP...

9.6CVSS7.7AI score0.01137EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2018/02/20 10:14 p.m.15 views

fastech-racing.com XSS vulnerability

Open Bug Bounty ID: OBB-564474 Description| Value ---|--- Affected Website:| fastech-racing.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
OSV
OSV
added 2017/09/25 4:29 p.m.4 views

CVE-2017-1555

IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545...

4.3CVSS5.8AI score0.00909EPSS
Exploits0References3
OSV
OSV
added 2017/04/13 2:59 p.m.5 views

CVE-2016-2104

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the label parameter to admin/BunchDetail.do; 2 the packagename, 3 searchsubscribedchannels, or 4 channelfilter parameter to software/packages/NameOverview.d...

6.1CVSS5.9AI score0.01175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2016/05/19 12:0 a.m.3 views

PT-2017-7998 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 5 affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API...

6.1CVSS6AI score0.01578EPSS
Exploits0References40
Exploit DB
Exploit DB
added 2010/10/30 12:0 a.m.22 views

Simpli Easy (AFC Simple) NewsLetter 4.2 - Cross-Site Scripting / Information Leakage

Simpli Easy AFC Simple Newsletter " method="post" Proof-of-concept: http://www.example.com/cp.php?do="alert1 2. Information Leakage By default, application saves subscribed email addresses and correspondent IP addresses to plain text file el.txt Proof-of-concept: http://www.example.com/el.txt...

7.4AI score
Exploits0
Prion
Prion
added 2009/10/08 5:30 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823...

4.3CVSS6.1AI score0.03645EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2009/02/27 12:0 a.m.12 views

Fedora Update for liferea FEDORA-2007-1146

Check for the Version of liferea OpenVAS Vulnerability Test Fedora Update for liferea FEDORA-2007-1146 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.4AI score
Exploits0References2
OpenVAS
OpenVAS
added 2009/02/17 12:0 a.m.24 views

Fedora Update for liferea FEDORA-2008-3249

Check for the Version of liferea OpenVAS Vulnerability Test Fedora Update for liferea FEDORA-2008-3249 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

9.3CVSS0.2AI score0.02897EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2008/10/21 12:0 a.m.31 views

Opera < 9.61 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 9.61 and thus reportedly affected by several issues : - It may be possible to reveal a user's browsing history by exploiting certain constructs in Opera's History Search results 903. - Opera's Fast Forward feature is affected by a...

5.8CVSS5.9AI score0.45729EPSS
Exploits4References8
Fedora
Fedora
added 2008/09/28 6:40 p.m.28 views

[SECURITY] Fedora 8 Update: liferea-1.4.15-4.fc8

Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...

10CVSS2AI score0.05077EPSS
Exploits3
Fedora
Fedora
added 2008/02/13 5:4 a.m.32 views

[SECURITY] Fedora 8 Update: liferea-1.4.11-2.fc8

Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...

9.3CVSS2AI score0.08633EPSS
Exploits4
Fedora
Fedora
added 2007/11/06 4:10 p.m.28 views

[SECURITY] Fedora 8 Update: liferea-1.2.23-5.fc8

Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...

2.1CVSS6.4AI score0.00341EPSS
Exploits0
Rows per page
Query Builder