Lucene search
+L

154 matches found

cnvd
cnvd
added 2018/11/26 12:0 a.m.6 views

Vanilla Remote Code Execution Vulnerability (CNVD-2019-06793)

Vanilla is an open source multi-language, fully extensible forum program. A security vulnerability exists in Vanilla versions prior to 2.5.5 and 2.6.x prior to 2.6.2. A remote attacker can exploit this vulnerability to execute code by calling the 'unserialize' function...

7.2CVSS7.5AI score0.02017EPSS
Exploits1References1
cnvd
cnvd
added 2018/09/06 12:0 a.m.4 views

BTITeam XBTIT Cross-Site Scripting Vulnerability (CNVD-2019-28273)

XBTIT is an open source tracking software. A stored cross-site scripting vulnerability exists in newsfeed /index.php?page=viewnews in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the headline of a news item...

6.1CVSS5.9AI score0.00474EPSS
Exploits1References1
cnvd
cnvd
added 2018/08/28 12:0 a.m.4 views

ASP4CMS AspCMS Elevation of Privilege Vulnerability

ASP4CMS AspCMS is China's ASP4CMS open source laboratory of a free enterprise website construction system . The system supports customized templates and plug-in extensions and other features. ASP4CMS AspCMS 2.5.6 version of a security vulnerability , the vulnerability stems from the /member/reg.a...

9.8CVSS9.5AI score0.02009EPSS
Exploits1References1
cnvd
cnvd
added 2018/01/05 12:0 a.m.5 views

IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01129)

IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. The vulnerability arises becau...

5.9CVSS6.2AI score0.00829EPSS
Exploits0References1
cnvd
cnvd
added 2018/01/05 12:0 a.m.4 views

IBM Tivoli Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2018-01130)

IBM Tivoli Key Lifecycle Manager enables you to locally create, distribute, back up, archive and manage the lifecycle of keys and certificates in your organization. An information disclosure vulnerability exists in IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7. The vulnerability arises becau...

5.9CVSS6.2AI score0.00842EPSS
Exploits0References1
cnvd
cnvd
added 2017/07/03 12:0 a.m.12 views

Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...

8.8CVSS7AI score0.04527EPSS
Exploits1References1
cnvd
cnvd
added 2017/07/03 12:0 a.m.6 views

Foscam C1 Indoor HD Camera Command Injection Vulnerability (CNVD-2017-14064)

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...

8.8CVSS7AI score0.04782EPSS
Exploits1References1
osv
osv
added 2017/02/02 10:59 p.m.3 views

CVE-2016-6103

IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

8.8CVSS5.7AI score0.00554EPSS
Exploits0References2
cnvd
cnvd
added 2015/07/24 12:0 a.m.5 views

Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability (CNVD-2015-04988)

Cisco WebEx Meetings Server CWMS is the United States Cisco Cisco WebEx meeting program in a set of multifunctional meeting solutions that include audio, video and Web conferencing. A cross-site request forgery vulnerability exists in CWMS version 2.5 MR1. A remote attacker can exploit this...

6.8CVSS6.9AI score0.00981EPSS
Exploits0References1
cnvd
cnvd
added 2015/05/28 12:0 a.m.16 views

HP SDN VAN Controller devices denial of service vulnerability

HP SDN VAN Controller devices are a suite of unified control devices from Hewlett-Packard HP that provide OpenFlow open source networking technology networking capabilities. A denial of service vulnerability exists in HP SDN VAN Controller devices version 2.5 and earlier versions, which could be...

7.8CVSS6.7AI score0.02614EPSS
Exploits0References1
redhat
redhat
added 2011/01/25 3:30 p.m.6 views

3.0.3): Arbitrary Java code execution via an HTTP request containing a specially-crafted .jar file

SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...

6CVSS7.8AI score0.52003EPSS
Exploits11References4
ptsecurity
ptsecurity
added 2006/09/19 12:0 a.m.8 views

PT-2006-5618 · All Enthusiast · Reviewpost

Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...

7.5CVSS7.3AI score0.02967EPSS
Exploits1References7
redhat
redhat
added 2005/06/14 7:40 p.m.6 views

security flaw

Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the httpaccess configuration, which could lead to less restrictive ACLs than intended by the administrator...

7.5CVSS5.8AI score0.01727EPSS
Exploits0References4
osv
osv
added 2005/01/25 5:0 a.m.2 views

DEBIAN-CVE-2005-0096

Memory leak in the NTLM fakeauthauth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service memory consumption...

5CVSS6.3AI score0.09424EPSS
Exploits0References1
Rows per page
Query Builder