Lucene search
+L

254 matches found

Fedora
Fedora
added 2022/07/30 1:57 a.m.13 views

[SECURITY] Fedora 36 Update: golang-github-liamg-scout-0.15.1-5.fc36

A lightweight URL fuzzer and spider: Discover a web server's undisclosed file s, directories and VHOSTs...

7.3AI score
Exploits0
NVD
NVD
added 2022/07/17 10:15 p.m.27 views

CVE-2021-40149

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI...

5.9CVSS0.07443EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2022/06/30 7:6 p.m.11 views

CVE-2022-33329

Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The /ajax/setsystime/...

9.1CVSS7.9AI score0.0428EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/06/30 7:5 p.m.8 views

CVE-2022-33327

Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The...

9.1CVSS10AI score0.0428EPSS
Exploits1References1
NVD
NVD
added 2022/04/12 12:15 p.m.20 views

CVE-2022-24248

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root along with any other file on the server that the PHP process user has the prope...

8.5CVSS0.20963EPSS
Exploits1References2
Prion
Prion
added 2022/04/12 12:15 p.m.15 views

Path traversal

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root along with any other file on the server that the PHP process user has the prope...

8.5CVSS6.5AI score0.20963EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/04/12 11:19 a.m.22 views

CVE-2022-24248

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root along with any other file on the server that the PHP process user has the prope...

8.5CVSS6.9AI score0.20963EPSS
Exploits1References4
CVE
CVE
added 2022/01/21 6:17 p.m.53 views

CVE-2021-23195

CVE-2021-23195 affects Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) 2.0.1.3. The issue is exposure of information through directory listing: if directory listing is enabled and no index file exists, a web server may return entire directory contents in HTML, enabling an attacker to...

5.3CVSS5.7AI score0.00845EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/06 12:0 a.m.16 views

RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read

The plugin does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server PoC As a subscriber, open...

6.5CVSS1.5AI score0.03005EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added 2021/11/03 9:34 p.m.428 views

Exploit for Forced Browsing in Engineers_Online_Portal_Project Engineers_Online_Portal

CVE-2021-42671 CVE-2021-42671 - Broken access control vulnerab...

7.5CVSS8.8AI score0.19676EPSS
Exploits3
GithubExploit
GithubExploit
added 2021/11/03 5:51 p.m.590 views

Exploit for Cross-site Scripting in Online_Event_Booking_And_Reservation_System_Project Online_Event_Booking_And_Reservation_System

CVE-2021-42662 CVE-2021-42662 - Stored Cross-Site Scripting vu...

5.4CVSS5.5AI score0.01647EPSS
Exploits5
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.3 views

Apache Tomcat 资源管理错误漏洞

Apache Tomcat is a lightweight Web application server from the Apache Foundation USA. The program implements support for Servlet and JavaServer Page JSP.A security vulnerability exists in Apache Tomcat, which stems from a web system or product that does not properly validate data boundaries when...

7.5CVSS6.1AI score0.10997EPSS
Exploits0References32
NVD
NVD
added 2021/05/25 1:15 p.m.19 views

CVE-2021-30194

CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read...

9.1CVSS0.01151EPSS
Exploits0References2
CNVD
CNVD
added 2021/04/19 12:0 a.m.4 views

File upload vulnerability at hybbs 2.3.2 template

hybbs is a PHP web program that supports plugin extensions and template extensions. A file upload vulnerability exists in the hybbs 2.3.2 template, which can be exploited by an attacker to gain control of the web server...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/03/31 3:58 p.m.4 views

vulhub2

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, web server security, and more. The primary purpose of Vulhub is to provide a simple and easy-to-use...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/02/24 12:0 a.m.3 views

File Upload Vulnerability in the Cloud Platform of Teaching Video Application of Guangzhou Aoweiya Electronic Technology Co.

Teaching video application cloud platform is based on the background of the current educational video resources construction and user demand research, developed to adapt to the development of the times and meet the needs of the school, with the effectiveness, multi-functional, distinctive feature...

7.5AI score
Exploits0
CVE
CVE
added 2021/02/23 7:31 a.m.86 views

CVE-2020-13697

NanoHTTPD (RouterNanoHTTPD.java, GeneralHandler) through version 2.3.1 is vulnerable to reflected XSS because the GET handler prints unsanitized query-string input into an HTML page. Multiple sources (NVD, CVE-2020-13697 records; Veracode and GHSA advisories; OSV/CVE records) describe this XSS is...

6.1CVSS6AI score0.00751EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/02/22 2:24 p.m.75 views

CVE-2021-3120

CVE-2021-3120 affects the WordPress plugin YITH WooCommerce Gift Cards Premium (versions prior to 3.3.1). The vulnerability is an arbitrary file upload leading to RCE , triggered when a valid Gift Card product is added to the cart and the parameter ywgc-upload-picture accepts a PHP file, storing ...

10CVSS9.8AI score0.36781EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2021/02/05 12:0 a.m.3 views

Command Execution Vulnerability in Five Fingers CMS Backend

Five Fingers CMS is an open source content management system that supports LNAMP architecture. Five Fingers CMS backend has a command execution vulnerability that can be exploited by attackers to gain control of the web server...

7.6AI score
Exploits0
CVE
CVE
added 2021/01/07 8:19 p.m.120 views

CVE-2021-23241

The CVE-2021-23241 entry affects MERCUSYS Mercury X18G 1.0.5 routers. The connected Nuclei template confirms a Local File Inclusion/Directory Traversal vulnerability via ../ in conjunction with a loginLess or login.htm URI, enabling an authentication bypass and access to sensitive web-server file...

5.3CVSS5.8AI score0.13436EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder