Lucene search
K

53 matches found

EUVD
EUVD
added 2026/07/04 12:5 p.m.9 views

EUVD-2026-41671

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:17 a.m.7 views

CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

8.8CVSS6.7AI score0.0107EPSS
Exploits1References1
0day.today
0day.today
added 2021/09/22 12:0 a.m.179 views

Online Reviewer System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Online Reviewer System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...

0.7AI score
Exploits0
Securelist
Securelist
added 2018/04/23 10:0 a.m.299 views

Energetic Bear/Crouching Yeti: attacks on servers

Energetic Bear/Crouching Yeti is a widely known APT group active since at least 2010. The group tends to attack different companies with a strong focus on the energy and industrial sectors. Companies attacked by Energetic Bear/Crouching Yeti are geographically distributed worldwide with a more...

8.5AI score
Exploits0
Prion
Prion
added 2017/11/17 3:29 a.m.14 views

Design/Logic Flaw

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

6.5CVSS8.5AI score0.0107EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/11/17 3:29 a.m.13 views

CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

8.8CVSS8.6AI score0.0107EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/11/17 3:0 a.m.18 views

CVE-2017-1000238

InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver...

8.6AI score0.0107EPSS
Exploits1References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Underground CMS 1.x Search.Cache.Inc.PHP Backdoor Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26521/info Underground CMS is prone to a backdoor vulnerability. Attackers can exploit this issue to gain unauthorized access to the application. Successful attacks will compromise the affected application and possibly th...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3095/info Sambar Server is a multi-threaded HTTP server for Microsoft Windows and Unix systems. Sambar Server provides insecure default protection for user passwords. The default password decryption algorithm employs only...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Dokeos <= 1.8.4 main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Prototype of an PHP application 0.1 common.inc.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Prototype of an PHP application 0.1 ident/identification.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Prototype of an PHP application 0.1 plugins/phpgacl/index.php path_inc Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Blog System 1.x Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39406/info Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Dokeos <= 1.8.4 whoisonline.php id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.261 views

SPIP 1.8.3 Spip_login.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17423/info SPIP is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remot...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

AzDGVote 0 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17447/info AzDGVote is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2010/12/02 12:0 a.m.18 views

LittlePhpGallery <= 1.0.2 LFI Vulnerability

LittlePhpGallery is prone to a local file include LFI vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.8CVSS6.4AI score0.01952EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2010/02/24 12:0 a.m.17 views

OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions

source: https://www.securityfocus.com/bid/38402/info OpenInferno OI.Blogs is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information and execute...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2009/11/10 12:0 a.m.33 views

CuteNews 1.4.6 - &#039;index.php&#039; Cross-Site Request Forgery (New User Creation)

source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...

7.4AI score
Exploits0
Rows per page
Query Builder