Lucene search
K
NucleiRecent

4145 matches found

Nuclei
Nuclei
•added yesterday•36 views

PHP Proxy 3.0.3 - Local File Inclusion

PHP Proxy 3.0.3 is susceptible to local file inclusion vulnerabilities that allow unauthenticated users to read files from the server via index.php?q=file:/// a different vulnerability than CVE-2018-19246. id: CVE-2018-19458 info: name: PHP Proxy 3.0.3 - Local File Inclusion author: daffainfo...

7.5CVSS7AI score0.32885EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•38 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5CVSS7AI score0.39391EPSS
Exploits4References5
Nuclei
Nuclei
•added yesterday•50 views

Loytec LGATE-902 <6.4.2 - Local File Inclusion

Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. id: CVE-2018-14916 info: name: Loytec LGATE-902 6.4.2 - Local File Inclusion author: 0xAkoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion...

9.4CVSS7AI score0.17195EPSS
Exploits3References5
Nuclei
Nuclei
•added yesterday•27 views

Joomla! Component Address Book 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the AddressBook comaddressbook component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1471 info: name: Joomla! Component Address Book 1.5.0 - Local File Inclusion...

7.5CVSS6.2AI score0.16152EPSS
Exploits2References4
Nuclei
Nuclei
•added yesterday•23 views

Joomla! Component User Status - Local File Inclusion

A directory traversal vulnerability in userstatus.php in the User Status comuserstatus component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File...

5CVSS6.2AI score0.14041EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•63 views

Joomla! Component NoticeBoard 1.3 - Local File Inclusion

A directory traversal vulnerability in the Code-Garage NoticeBoard comnoticeboard component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1658 info: name: Joomla!...

5CVSS6.2AI score0.16014EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•66 views

LG SuperSign EZ CMS 2.5 - Local File Inclusion

LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion. id: CVE-2018-16288 info: name: LG SuperSign EZ CMS 2.5 - Local File Inclusion author: daffainfo severity: high description: | LG SuperSign CMS 2.5 allows reading of...

8.6CVSS7.1AI score0.35828EPSS
Exploits5References5
Nuclei
Nuclei
•added yesterday•67 views

Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. id: CVE-2018-6605 info: name: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection author: DhiyaneshDk severity...

9.8CVSS7AI score0.58324EPSS
Exploits5References3
Nuclei
Nuclei
•added yesterday•23 views

WordPress Duplicator Plugin < 1.2.42 - Arbitrary Code Execution

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. id: CVE-2018-17207 info: name:...

9.8CVSS7.2AI score0.58794EPSS
Exploits4References2
Nuclei
Nuclei
•added yesterday•19 views

Schneider Electric U.motion Builder - Remote Code Execution

U.motion Builder 1.3.4 contains a remote code execution vulnerability caused by improper input sanitization, allowing attackers to execute arbitrary system commands through crafted input parameters. id: CVE-2018-7841 info: name: Schneider Electric U.motion Builder - Remote Code Execution author:...

9.8CVSS7.5AI score0.72486EPSS
Exploits6References4
Nuclei
Nuclei
•added yesterday•78 views

Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure

Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true...

5CVSS7AI score0.53728EPSS
Exploits9References5
Nuclei
Nuclei
•added yesterday•58 views

FlexPaper/FlowPaper 2.3.6 - Remote Code Execution

The Publish Service in FlexPaper later renamed FlowPaper 2.3.6 allows remote code execution via setup.php and changeconfig.php. id: CVE-2018-11686 info: name: FlexPaper/FlowPaper 2.3.6 - Remote Code Execution author: iamnoooob,pdresearch,pszyszkowski severity: critical description: | The Publish...

9.8CVSS7.4AI score0.49787EPSS
Exploits4References1
Nuclei
Nuclei
•added yesterday•47 views

DedeCMS 5.7 - Path Disclosure

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/incarchivesfunctions.php id: CVE-2018-6910 info: name: DedeCMS 5.7 - Path Disclosure author: pikpikcu severity: high description: DedeCMS 5.7 allows remote attackers to discover t...

7.5CVSS7AI score0.18955EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•94 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

10CVSS7.1AI score0.42551EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•67 views

Fortinet FortiOS - Cross-Site Scripting

Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. id: CVE-2018-13380 info: name:...

6.1CVSS6.4AI score0.62474EPSS
Exploits0References5
Nuclei
Nuclei
•added yesterday•51 views

IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion

IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. id: CVE-2018-10956 info: name: IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion author: 0xAkoko severity: high description: | IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. impact: | An...

7.5CVSS7AI score0.56318EPSS
Exploits6References5
Nuclei
Nuclei
•added yesterday•73 views

Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting

Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/comsunwebui/help/helpwindow.jsp windowTitle parameter. id: CVE-2018-19439 info: name: Oracle Secure Global...

6.1CVSS6.4AI score0.20457EPSS
Exploits3References5
Nuclei
Nuclei
•added yesterday•43 views

Joomla! Component Cookex Agency CKForms - Local File Inclusion

A directory traversal vulnerability in the Cookex Agency CKForms comckforms component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1345 info: name: Joomla! Component Cookex Agency CKForms - Local File...

5CVSS6.2AI score0.16872EPSS
Exploits1References4
Nuclei
Nuclei
•added yesterday•33 views

Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr comjoomlaflickr component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1980 info: name: Joomla! Component...

7.5CVSS6.3AI score0.18835EPSS
Exploits3References5
Nuclei
Nuclei
•added yesterday•54 views

Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion

A directory traversal vulnerability in the Community Polls comcommunitypolls component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1081 info: name: Joomla! Component...

5CVSS6.2AI score0.14331EPSS
Exploits1References4
Nuclei
Nuclei
•added yesterday•75 views

Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion

A directory traversal vulnerability in the GCalendar comgcalendar component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-0972 info: name: Joomla! Component comgcalendar Suite 2.1.5 -...

7.5CVSS6.3AI score0.13257EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•41 views

Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion

A directory traversal vulnerability in the Realtyna Translator comrealtyna component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2682 info: name: Joomla!...

7.5CVSS6.2AI score0.14311EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•49 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the traceroute function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic...

10CVSS7.1AI score0.39544EPSS
Exploits1References3
Nuclei
Nuclei
•added yesterday•44 views

Adobe Experience Manager - XML External Entity Injection

Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2019-8086 info: name: Adobe...

7.5CVSS7AI score0.24141EPSS
Exploits0References5
Nuclei
Nuclei
•added yesterday•192 views

Jfrog Artifactory <6.17.0 - Default Admin Password

Jfrog Artifactory prior to 6.17.0 uses default passwords such as "password" for administrative accounts and does not require users to change them. This may allow unauthorized network-based attackers to completely compromise of Jfrog Artifactory. id: CVE-2019-17444 info: name: Jfrog Artifactory...

9.8CVSS7AI score0.69445EPSS
Exploits0References4
Nuclei
Nuclei
•added yesterday•159 views

FlightPath - Local File Inclusion

FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion. id: CVE-2019-13396 info: name: FlightPath - Local File Inclusion author: 0xAkoko,daffainfo severity: medium description: FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file inclusion...

5.3CVSS6.2AI score0.62572EPSS
Exploits5References5
Nuclei
Nuclei
•added yesterday•83 views

Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...

7.5CVSS6.8AI score0.99876EPSS
Exploits19References5
Nuclei
Nuclei
•added yesterday•76 views

Zoho ManageEngine OpManager - SQL Injection

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

7.5CVSS7AI score0.66347EPSS
Exploits1References2
Nuclei
Nuclei
•added yesterday•123 views

Ruby On Rails - Local File Inclusion

Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...

7.5CVSS7AI score0.26717EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•92 views

Kibana - Local File Inclusion

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with...

9.8CVSS6.9AI score0.82251EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•36 views

Tyto Sahi pro 7.x/8.x - Local File Inclusion

Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files. id: CVE-2018-20470 info: name: Tyto Sahi pro 7.x/8.x - Local File Inclusion author: daffainfo...

7.5CVSS7AI score0.45055EPSS
Exploits6References4
Nuclei
Nuclei
•added yesterday•63 views

NagiosXI <= 5.4.12 menuaccess.php - SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. id: CVE-2018-10738 info: name: NagiosXI = 5.4.12 menuaccess.php - SQL injection author: DhiyaneshDk severity: high description: | A SQL injection issue was discovered in Nagios XI befor...

7.2CVSS7AI score0.42556EPSS
Exploits2References2
Nuclei
Nuclei
•added yesterday•87 views

Anchor CMS 0.12.3 - Error Log Exposure

Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred. id: CVE-2018-7251 info: name: Anchor CMS 0.12.3 ...

9.8CVSS7AI score0.72272EPSS
Exploits4References5
Nuclei
Nuclei
•added yesterday•49 views

LG-Ericsson iPECS NMS 30M - Local File Inclusion

Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. id: CVE-2018-15138 info: name: LG-Ericsson iPECS NMS 30M - Local File Inclusion author: 0xAkoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via...

7.5CVSS7AI score0.12851EPSS
Exploits0References4
Nuclei
Nuclei
•added yesterday•62 views

WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting

WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in processforms via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php. id: CVE-2018-18069 info: name: WordPress...

6.1CVSS6.3AI score0.13207EPSS
Exploits2References5
Nuclei
Nuclei
•added yesterday•104 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9CVSS6.8AI score0.35681EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•21 views

Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

6.1CVSS6.9AI score0.23717EPSS
Exploits2References2
Nuclei
Nuclei
•added yesterday•138 views

Joomla! Component PrayerCenter 3.0.2 - SQL Injection

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. id: CVE-2018-7314 info: name: Joomla! Component PrayerCenter 3.0.2 - SQL Injection author: DhiyaneshDK severity: critical description: | SQL Injection...

9.8CVSS7AI score0.58373EPSS
Exploits6References4
Nuclei
Nuclei
•added yesterday•45 views

Joomla! Component com_biblestudy - Local File Inclusion

A directory traversal vulnerability in the Bible Study combiblestudy component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter in a studieslist action to index.php. id: CVE-2010-0157 info: name: Joomla! Component...

7.5CVSS6.3AI score0.12969EPSS
Exploits1References4
Nuclei
Nuclei
•added yesterday•35 views

Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion

A directory traversal vulnerability in the TRAVELbook comtravelbook component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1535 info: name: Joomla! Component...

7.5CVSS6.2AI score0.15334EPSS
Exploits2References4
Nuclei
Nuclei
•added yesterday•66 views

Joomla! Component Graphics 1.0.6 - Local File Inclusion

A directory traversal vulnerability in graphics.php in the Graphics comgraphics component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1653 info: name: Joomla! Component...

7.5CVSS6.3AI score0.13373EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•95 views

NagiosXI <= 5.4.12 logbook.php SQL injection

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. id: CVE-2018-10737 info: name: NagiosXI = 5.4.12 logbook.php SQL injection author: DhiyaneshDK severity: high description: | A SQL injection issue was discovered in Nagios XI before 5.4....

7.2CVSS7AI score0.42556EPSS
Exploits2References2
Nuclei
Nuclei
•added yesterday•73 views

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

5.3CVSS6.5AI score0.17118EPSS
Exploits0References5
Nuclei
Nuclei
•added yesterday•103 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.3AI score0.03316EPSS
Exploits5References5
Nuclei
Nuclei
•added yesterday•16 views

PHPCMS 2008 - Remote Code Execution via Template Injection

PHPCMS 2008 suffers from an unauthenticated RCE via template injection in type.php, where attacker-supplied content is written into a PHP template cache file, which is then executable. id: CVE-2018-19127 info: name: PHPCMS 2008 - Remote Code Execution via Template Injection author: tomaquet18...

9.8CVSS7AI score0.20766EPSS
Exploits0References3
Nuclei
Nuclei
•added yesterday•21 views

Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion

A directory traversal vulnerability in the iNetLanka Multiple root commultiroot component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1954 info: name: Joomla! Component iNetLanka Multiple root 1.0 ...

7.5CVSS6.2AI score0.16152EPSS
Exploits1References4
Nuclei
Nuclei
•added yesterday•121 views

MODx manager - Local File Inclusion

A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. dot dot in the classkey parameter when magicquotesgpc is disabled. id: CVE-2010-5278 info: name: MODx manag...

4.3CVSS6.2AI score0.17028EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•30 views

Joomla! Component iF surfALERT 1.2 - Local File Inclusion

A directory traversal vulnerability in the iF surfALERT comifsurfalert component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1717 info: name: Joomla! Component i...

7.5CVSS6.2AI score0.22285EPSS
Exploits1References5
Nuclei
Nuclei
•added yesterday•25 views

Joomla! Component WMI 1.5.0 - Local File Inclusion

A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface aka WMI or comwmi component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1607 info: name: Joomla!...

6.8CVSS6.3AI score0.08177EPSS
Exploits1References4
Nuclei
Nuclei
•added yesterday•43 views

Joomla! Component com_abbrev - Local File Inclusion

A directory traversal vulnerability in the Abbreviations Manager comabbrev component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-0985 info: name: Joomla! Component comabbrev - Local Fi...

7.5CVSS6.3AI score0.13445EPSS
Exploits1References5
Total number of security vulnerabilities4145