Lucene search
+L

196 matches found

Cvelist
Cvelist
added 2022/05/12 3:17 p.m.30 views

CVE-2022-29303

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via confmail.php...

10AI score0.97961EPSS
Exploits6References2
NVD
NVD
added 2022/02/24 3:15 p.m.24 views

CVE-2022-23810

Template injection Improper Neutralization of Special Elements Used in a Template Engine vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to...

6.5CVSS0.01116EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2021/12/21 1:51 a.m.890 views

Exploit for CVE-2021-43224

CVE-2021-43224-POC Windows Common Log File System Driver...

7.8CVSS6.6AI score0.03872EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/02 12:0 a.m.59 views

JVN#91691168: goo blog App fails to restrict custom URL schemes properly

goo blog App by NTT Resonant Incorporated provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-284 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a user to access an...

5.3CVSS5.1AI score0.00993EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/14 12:0 a.m.67 views

JVN#54025691: Gurunavi Apps fail to restrict access permissions

Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability CWE-284 that may allow the vulnerable App to receive an request from an arbitrary App and execute an access. Impact A...

7.5CVSS7.4AI score0.01148EPSS
Exploits0
CVE
CVE
added 2021/04/07 7:15 a.m.40 views

CVE-2021-20688

CVE-2021-20688 is a cross-site scripting vulnerability affecting Click Ranker Ver.3.5. The description states a stored XSS flaw allowing remote attackers to inject an arbitrary script via unspecified vectors, potentially executing in the browser of users visiting a page using Click Ranker. Exploi...

6.1CVSS6.1AI score0.00756EPSS
Exploits0References1Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/04/01 12:0 a.m.51 views

JVN#73236007: Archive collectively operation utility vulnerable to directory traversal

Archive collectively operation utility provided by EikiSoft contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting from ZIP archives. Impact By expanding a malicious ZIP archive, arbitrary files may be created or overwritten with the...

7.1CVSS6.9AI score0.01001EPSS
Exploits0
NVD
NVD
added 2021/02/24 12:15 p.m.28 views

CVE-2021-20660

Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS0.47165EPSS
Exploits0References3
NVD
NVD
added 2021/02/24 12:15 p.m.30 views

CVE-2021-20658

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors...

10CVSS0.03683EPSS
Exploits0References3
Prion
Prion
added 2021/02/24 12:15 p.m.25 views

Information disclosure

Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors...

4CVSS5.1AI score0.01112EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/02/24 12:15 p.m.18 views

Authentication flaw

Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors...

5CVSS7.9AI score0.02093EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/02/24 3:51 a.m.29 views

CVE-2021-20660

Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors...

6.7AI score0.47165EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/01/14 12:0 a.m.77 views

JVN#35906450: Multiple vulnerabilities in acmailer

acmailer provided by Seeds Co.,Ltd. contains multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20617 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/Au:N/C:P/I:P/A:P| Base Score: 7.5...

10CVSS10AI score0.07871EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/10/14 12:0 a.m.18 views

Adobe Flash Player Within Google Chrome Security Update (APSB20-58) - Windows

Adobe Flash Player is prone to an arbitrary code execution vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

9.3CVSS9.1AI score0.04427EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/04/08 12:0 a.m.68 views

JVN#89224521: Multiple vulnerabilities in EasyBlocks IPv6

EasyBlocks IPv6 provided by Plat'Home Co., Ltd. contains multiple vulnerabilities listed below. Cross site request forgeryCWE-352 - CVE-2020-5549 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N| Base Score: 4.3 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base...

8.8CVSS8.5AI score0.0186EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/04/08 12:0 a.m.44 views

Google Chrome Security Update (stable-channel-update-for-desktop_7-2020-04) - Windows

Google Chrome is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS7.1AI score0.10586EPSS
Exploits9References3
NVD
NVD
added 2020/03/25 9:15 p.m.29 views

CVE-2020-10886

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port...

9.8CVSS8.8AI score0.055EPSS
Exploits0References1
NVD
NVD
added 2020/03/25 9:15 p.m.22 views

CVE-2020-10883

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

7.8CVSS6.1AI score0.05898EPSS
Exploits4References2
Prion
Prion
added 2020/03/25 9:15 p.m.30 views

Hardcoded credentials

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP...

5.8CVSS8.8AI score0.2468EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2020/03/25 7:15 p.m.18 views

CVE-2020-10885

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results...

8.1CVSS9.6AI score0.07219EPSS
Exploits0References1
Rows per page
Query Builder