Lucene search
K

47 matches found

CNNVD
CNNVD
added 2021/08/26 12:0 a.m.6 views

qdPM 跨站脚本漏洞

qdPM is a web-based open source project management tool. A cross-site scripting vulnerability exists in qdPM 9.1, which stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

5.4CVSS5.6AI score0.00413EPSS
Exploits1References2
CVE
CVE
added 2021/07/21 8:20 p.m.65 views

CVE-2021-32775

CVE-2021-32775 (Combodo iTop) : An information disclosure in iTop prior to versions 2.7.4 and 3.0.0 allowed a non-admin user to view many class/field values via a GroupBy Dashlet error message. The issue is fixed in 2.7.4 and 3.0.0. Affected product details and exact root cause are described in t...

7.7CVSS6.3AI score0.00779EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/04/19 12:0 a.m.5 views

Weak Password Vulnerability in Apache Ambari

Apache Ambari is a web-based tool that supports provisioning, management and monitoring of Apache Hadoop clusters. Apache Ambari suffers from a weak password vulnerability that can be exploited by an attacker to obtain sensitive information...

7AI score
Exploits0
CNVD
CNVD
added 2021/04/07 12:0 a.m.11 views

Redmine Cross-Site Scripting Vulnerability (CNVD-2021-27365)

Redmine is an open source, web-based project management and defect tracking tool. A cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability via the backurl field to conduct a cross-site scripting attack...

6.1CVSS5.9AI score0.00735EPSS
Exploits0References1
CVE
CVE
added 2021/01/13 5:5 p.m.39 views

CVE-2020-15220

CVE-2020-15220 affects Combodo iTop (open-source IT Service Management platform). In iTop versions prior to 2.7.2 and 3.0.0, two cookies are created for the same session, enabling potential session hijacking. The issue is fixed in version 2.7.2 and in version 3.0.0. Connected sources corroborate ...

6.1CVSS6.1AI score0.00698EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/06/01 12:0 a.m.10 views

PT-2020-6874 · Flexnet +1 · Lmadmin +1

Name of the Vulnerable Software and Affected Versions: FlexNet Publisher's lmadmin version 11.16.5 Description: A Denial of Service DoS issue was found in FlexNet Publisher's lmadmin, related to resource release errors. This can be exploited by a remote attacker to cause a service disruption,...

7.8CVSS7AI score0.00654EPSS
Exploits0References6
CNVD
CNVD
added 2019/12/03 12:0 a.m.4 views

SALTO ProAccess SPACE Arbitrary File Write Vulnerability

Salto Systems ProAccess SPACE is a web-based access control management tool from Salto Systems, Spain. A security vulnerability exists in Salto Systems ProAccess SPACE version 5.4.3.0. An attacker can exploit the vulnerability to write arbitrary files...

9.8CVSS7AI score0.03508EPSS
Exploits3References1
Exploit DB
Exploit DB
added 2019/03/07 12:0 a.m.71 views

Kados R10 GreenBee - Multiple SQL Injection

=========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Date: 06-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Software Link:...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/10/10 12:0 a.m.5 views

User-friendly SVN (USVN) Cross-Site Scripting Vulnerability

User-friendly SVN USVN is a web-based configuration tool for Subversion repositories. USVN allows you to create new projects, manage lists of authorized users, and more. A cross-site scripting vulnerability exists in User-friendly SVN USVN, which can be exploited to execute arbitrary script in a...

6.1CVSS6.2AI score0.00788EPSS
Exploits0References1
0day.today
0day.today
added 2017/05/31 12:0 a.m.47 views

OV3 Online Administration 3.0 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications !-- OV3 Online Administration 3.0 Authenticated Code Execution Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform for your data...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2017/05/31 12:0 a.m.44 views

OV3 Online Administration 3.0 - Directory Traversal

OV3 Online Administration 3.0 - Directory Traversal OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access PoC Exploit Vendor: novaCapta Software & Consulting GmbH Product web page: http://www.meacon.de Affected version: 3.0 Summary: With the decision to use the OV3 as a platform...

0.1AI score
Exploits0
CNVD
CNVD
added 2016/12/02 12:0 a.m.5 views

phpMyAdmin Remote Information Disclosure Vulnerability (CNVD-2016-11902)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A remote information disclosure vulnerability exists...

5.3CVSS6.8AI score0.01308EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/20 12:0 a.m.6 views

phpMyAdmin Information Disclosure Vulnerability (CNVD-2016-06457)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. An information disclosure vulnerability exists in...

5.3CVSS6.9AI score0.01339EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/19 12:0 a.m.3 views

ZOHO ManageEngine Firewall Analyzer Cross-Site Scripting Vulnerability

ZOHO ManageEngine Firewall Analyzer is the United States ZhuoHao ZOHO company's set of Web-based firewall log analysis tools. A cross-site scripting vulnerability exists in ZOHO ManageEngine Firewall Analyzer version 8.5, which can be exploited by an attacker to inject arbitrary web script or HTM...

6.1AI score
Exploits0References1
CNVD
CNVD
added 2016/06/29 12:0 a.m.4 views

phpMyAdmin cross-site scripting vulnerability (CNVD-2016-04396)

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...

6.1CVSS9.1AI score0.02182EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/30 12:0 a.m.4 views

ManageEngine Firewall Analyzer Directory Traversal Vulnerability

ManageEngine Firewall Analyzer is a web-based firewall log analysis tool that collects, correlates, analyzes, and reports on logs from firewalls, proxy servers, and Radius servers across the enterprise. A directory traversal vulnerability exists in ManageEngine Firewall Analyzer, which allows...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2015/01/30 12:0 a.m.2 views

ManageEngine Firewall Analyzer Cross-Site Scripting Vulnerability

ManageEngine Firewall Analyzer is a web-based firewall log analysis tool that collects, correlates, analyzes, and reports on logs from firewalls, proxy servers, and Radius servers across the enterprise. A cross-site scripting vulnerability exists in ManageEngine Firewall Analyzer that allows...

6.2AI score
Exploits0References1
Fedora
Fedora
added 2014/12/01 6:58 p.m.39 views

[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.12-1.fc19

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

6.5CVSS1.3AI score0.02725EPSS
Exploits3
ThreatPost
ThreatPost
added 2014/04/09 8:0 a.m.9 views

Etsy Feature Flags Keep Marketplace Online and Secure

BOSTON – Etsy is one of the Web’s biggest marketplaces. Its developers may be one of Web’s busiest teams. Proudly, the vintage and homemade goods online store, will push code to production upwards of 50 times a day. And, according to Kenneth Lee, senior product security engineer, they do so with...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2013/12/06 12:0 a.m.45 views

NagiosQL 3.2.0 SP2 Cross Site Scripting

I. VULNERABILITY ------------------------- Reflected XSS Attacks XSS vulnerabilities in NagiosQL 3.2.0 Servicepack 2 II. BACKGROUND ------------------------- NagiosQL is a web based administration tool designed for Nagios, but might also work with forks. It helps you to easily build a complex...

4.3CVSS0.01474EPSS
Exploits1
Rows per page
Query Builder