133 matches found
Cross site scripting
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter...
Directory Traversal
Butor Portal is vulnerable to path traversal. Lack of validation on the user-provided path via the theme t parameter allows an attacker to inject a malicious substring /wl?t=../../...= followed by a filename to get access to the file...
phpipam cross-site scripting vulnerability (CNVD-2019-43862)
phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application. A cross-site scripting vulnerability exists in the /app/admin/users/print-user.php file in PHPipam 1.3.2 and earlier versions. An attacker can exploit this vulnerability to execute code in a user's browser...
Design/Logic Flaw
PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in code execution in the victim's browser. This attack appears to be exploitable via an attacker changing the theme parameter in user settings. Admin (victim) views user in admin-panel and gets...
CVE-2018-20064
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the themecontentnofi parameter...
Nice PHP FAQ Script SQL Injection Vulnerability
Nice PHP FAQ Script is a PHP-based website autoresponder script. A SQL injection vulnerability exists in Nice PHP FAQ Script. The vulnerability can be exploited to inject SQL commands by sending the 'nicetheme' parameter to the index.php file...
Directory traversal
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...
Joomla Spider FAQ Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Joomla Spider FAQ component SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://demo.web-dorado.com/spider-faq.html Date : 21/03/2015 Discovered at : IndiShell Lab Love to : zero cool,Te...
Flatnux CMS 2013-01.17 (index.php, theme param) - Local File Inclusion
No description provided by source. Exploit Title: Flatnux CMS Local File Inclusion Date: 21-03-2013 Author: DaOne aka Mocking Bird Vendor Homepage: http://flatnux.altervista.org/ Software Link: http://flatnux.altervista.org/download.html?f=Flatnux-Next/flatnux-2013-01.17.zip Category: webapps/php...
SQL injection
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter...
Directory traversal
Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 allows remote attackers to read arbitrary files via a ..%2F (encoded dot dot slash) in the theme parameter...
MailForm 1.2 Remote File Inclusion
Exploit Title: MailForm Remote File Include Date: 14-8-2010 Author: LoSt.HaCkEr / aDaMTRoJaN Software Link: http://scripts.bdr130.net/files/any/MailForm.zip Version: v 1.2 Tested on: Windows XP CVE : هكر المسيب Contact: LoSt.HaCkEratyahoodotcom /0r/ [email protected]...
MailForm 1.2 Remote File Include Vulnerability
Exploit for php platform in category web applications MailForm 1.2 Remote File Include Vulnerability Exploit Title: MailForm Remote File Include Date: 14-8-2010 Author: LoSt.HaCkEr / aDaMTRoJaN Software...
DEBIAN-CVE-2010-2275
Cross-site scripting (XSS) vulnerability in dijit/tests/testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/testButton.html...
GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion
Exploit for php platform in category web applications GR Board v1.8.6.1 stab page.php?theme Remote File Inclusion Vulnerability...
Tribisur Multiple Vulnerabilities
Tribisur is prone to multiple vulnerabilities.
CVE-2008-6295
Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and...
CVE-2008-4773
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter...
CVE-2008-4483
Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter...
CVE-2008-2840
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6)...