64 matches found
Cisco SD-WAN vManage Software XSRF (cisco-sa-vman-csrf-76RDbLEh)
According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an...
Cisco Identity Services Engine XSRF (cisco-sa-ise-csrf-vgNtTpAs)
According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site request forgery (XSRF) vulnerability due to insufficient XSRF protection. An unauthenticated, remote attacker can exploit this, by persuading a user to click a malicious link, in order to perform...
Atlassian Jira < 8.13.18 / 8.14.x < 8.20.6 / 8.21.0 XSRF (JRASERVER-73138)
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by a cross-site request forgery (XSRF) vulnerability. Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default...
Security Bulletin: IBM Planning Analytics Local is affected by a security vulnerability
Summary The Planning Analytics Workspace component of IBM Planning Analytics is impacted by a Cross-Site Request Forgery (XSRF) vulnerability. This vulnerability has been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 48. Vulnerability Details CVEID:...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Cognos Analytics. These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, April 2018, July 2018, October 2018, January 2019 and April 2019. Cognos Analytics has...
Security Updates for Azure DevOps Server (June 2019)
The Azure DevOps Server is missing a security update. It is, therefore, affected by a cross-site request forgery (XSRF) vulnerability: - A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. A...
openSUSE Security Update : phpMyAdmin (openSUSE-2018-1547)
This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245 : - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...
XSRF/CSRF vulnerability in phpMyAdmin
PMASA-2018-7 Announcement-ID: PMASA-2018-7 Date: 2018-12-07 Summary XSRF/CSRF vulnerability in phpMyAdmin Description By deceiving a user to click on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages,...
Drupal 8.x < 8.2.7 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A security bypass vulnerability exists in the editor module due to a failure to properly check access restrictions when adding private files with a configured text editor e.g...
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title: Sharetronix CMS XSRF Vulnerability Version : 3.6.2 Exploit Author: Hesam Bazvand Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip Tested on: Windows 10 / Kali Linux Category: WebApps Dork : Use You Mind :D Video :...
MGASA-2017-0471 Updated phpmyadmin packages fix security vulnerability
Due to an XSRF/CSRF vulnerability in phpMyAdmin before 4.7.7, by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc. (PMASA-2017-9). The phpmyadmin package has been updated to version 4.7.7 to fix...
ETchat 3.7 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: ETchatpersian version CMS Xsrf vulnerability Exploit Author: Hesam Bazvand Contact: https://www.facebook.com/hesam.king73 Software Link: http://dl.20script.ir/script/chat/et-chat-3.7-Persianwww.20script.ir.zip Tested on: Windows...
ETchat 3.7 Cross Site Request Forgery
Exploit Title: ETchatpersian version CMS Xsrf vulnerability Exploit Author: Hesam Bazvand Contact: https://www.facebook.com/hesam.king73 Software Link: http://dl.20script.ir/script/chat/et-chat-3.7-Persianwww.20script.ir.zip Tested on: Windows 7 / Kali Linux Category: WebApps Dork : User Your Min...
MGASA-2016-0051 Updated phpmyadmin/phpseclib packages fix security vulnerability
Password suggestion functionality uses Math.random, which does not provide cryptographically secure random numbers (CVE-2016-1927). By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...
Backup action is XSRF vulnerable
XSRF vulnerability was identified and fixed, so it was possible to trigger backup action taking application into maintenance mode. This could lead to overwriting an existing backup file...
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery INPUT type='hidden' maxLength=60 size=30 name="mail" id="mail" va...
Autoexchanger 5.1.0 Cross Site Request Forgery
Exploit Title: Auto-exchanger version 5.1.0 Xsrf Date: 2015/06/05 Exploit Author: Aryan Bayaninejad Linkedin : https://www.linkedin.com/profile/view?id=276969082 Vendor Homepage: www.auto-exchanger.com Version: Version 5.1.0 Demo : www.farhadexchange.com CVE : CVE-2015-6827...