CWE:
 

Topic
Date
Author
High
WordPress Amministrazione Aperta 3.7.3 Arbitrary File Read
24.03.2022
Hassan Khan Yusufzai
High
TermTalk Server 3.24.0.2 Arbitrary File Read
05.01.2022
Fabiano Golluscio
High
Oliver Library Server v5 Arbitrary File Download
19.12.2021
Mandeep Singh, Ishaan ...
Med.
Grafana 8.3.0 Directory Traversal / Arbitrary File Read
09.12.2021
s1gh
High
TestLink 1.19 Arbitrary File Download
09.12.2021
Gonzalo Villegas
Med.
WordPress DZS Zoomsounds 6.45 Arbitrary File Read
05.12.2021
Uriel Yochpaz
High
WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)
03.12.2021
Uriel Yochpaz
High
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
16.11.2021
Rizal Muhammed
Med.
SAP Enterprise Portal Sensitive Data Disclosure
23.10.2021
Yvan Genuer
High
WordPress Duplicator 1.3.26 Arbitrary File Read
18.10.2021
nam3lum
High
Atlassian Confluence Server 7.5.1 Arbitrary File Read
06.10.2021
Mayank Deshmukh
Med.
WordPress BulletProof Security 5.1 Information Disclosure
06.10.2021
Ron Jost
Med.
Longjing Technology BEMS API 1.21 Remote Arbitrary File Download
30.07.2021
LiquidWorm
High
ES File Explorer 4.1.9.7.4 Arbitrary File Read
29.06.2021
Nehal Zaman
Med.
SAP Hybris eCommerce Information Disclosure
15.06.2021
Gaston Traberg
High
Hasura GraphQL 1.3.3 Arbitrary File Read
22.04.2021
Dolev Farhi
High
Novel Boutique House-plus 3.5.1 Arbitrary File Download
29.03.2021
tuyiqiang
Med.
Apache Flink 1.11.0 Unauthenticated Arbitrary File Read (Metasploit)
14.01.2021
Suncsr
Med.
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
08.01.2021
SunCSR
Med.
WordPress Plugin W3 Total Cache Unauthenticated Arbitrary File Read (Metasploit)
06.01.2021
SunCSR
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
Med.
Wordpress Plugin Duplicator 1.3.26 Unauthenticated Arbitrary File Read (Metasploit)
18.12.2020
Nguyen
High
Gitlab 12.9.0 Arbitrary File Read (Authenticated)
19.11.2020
Jasper Rasenberg
Low
Amazon Web Services - Database Disclosure (Sensitive Information)
13.09.2020
Gh05t666nero
Med.
HelloWeb 2.0 Arbitrary File Download
11.07.2020
bRpsd
High
jizhi CMS 1.6.7 Arbitrary File Download
21.04.2020
iej1ctk1g
High
Webtateas 2.0 Arbitrary File Read
15.04.2020
CBIITMC
Low
UniSharp Laravel File Manager 2.0.0 Arbitrary File Read
04.03.2020
NgoAnhDuc
Low
Antiprizuv Form-Data Log Emails Information Disclosure
26.12.2019
L4663r666h05t
High
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 Arbitrary File Read
03.09.2019
Todor Donev
Med.
Joomla JS Support Ticket 1.1.5 Arbitrary File Download
09.08.2019
qw3rTyTy
Med.
DuckSell 3.0.0 Database Disclosure
10.06.2019
KingSkrupellos
Med.
SmartLIB Library Software Database Disclosure
03.06.2019
KingSkrupellos
Med.
OpenEvSys Software 2.2 Database Disclosure
02.06.2019
KingSkrupellos
Med.
Open-EMR HealthCare Software 5.0.1 Database Disclosure
02.06.2019
KingSkrupellos
Med.
GinoCMS Software 2.x Database Disclosure
02.06.2019
KingSkrupellos
Med.
OCSInventory-NG Software CMS 2.6 RC Database Disclosure
02.06.2019
KingSkrupellos
Med.
AgniCMS 1.6 Database Disclosure
02.06.2019
KingSkrupellos
Low
Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Get_Task.cgi Information Disclosure
28.04.2019
Cisco Talos
Low
Sierra Wireless AirLink ES450 ACEManager Information Disclosure
28.04.2019
Cisco Talos
Med.
RingsDB Software 1.0.0 Database Disclosure
20.04.2019
KingSkrupellos
Med.
NIT-Warangal Dispensary Management System India 1.0 Database Disclosure
17.04.2019
KingSkrupellos
Med.
CyberShadeCMS v1 Database Disclosure
14.04.2019
KingSkrupellos
Med.
PragyanCMS 3.0 Beta Database Disclosure
14.04.2019
KingSkrupellos
Med.
TarichiCMS Web Publishing System v2 Database Disclosure
14.04.2019
KingSkrupellos
Med.
Opus Online Placement University System 4.2.0 Database Disclosure
12.04.2019
KingSkrupellos
Med.
OrangeScrum Project Management Software 1.6.1 Database Disclosure
12.04.2019
KingSkrupellos
Med.
Gibbonedu The Flexible School Platform 17.0.00 Database Disclosure
12.04.2019
KingSkrupellos
Med.
JobSkee Open Source JobBoard 1.1.3 Database Disclosure
12.04.2019
KingSkrupellos
Med.
MajorDoMo Domestic Module Database Disclosure
10.04.2019
KingSkrupellos
High
Themosis Framework BookStore 1.3.0 Database Disclosure
10.04.2019
KingSkrupellos
High
NekoCMS 2.5 Database Disclosure
10.04.2019
KingSkrupellos
High
YiiCMS JetBrains PHPStorm 6.0.3 Database Disclosure
10.04.2019
KingSkrupellos
Med.
Norbye CMS Database Disclosure
10.04.2019
KingSkrupellos
Med.
Nova CMS Software 3.77.3 Database Disclosure
08.04.2019
KingSkrupellos
Med.
NeoFragCMS Alpha 0.2.1 Database Disclosure
05.04.2019
KingSkrupellos
High
TheDayLightStudio GetFuelCMS 0.9.3 Database Disclosure
05.04.2019
KingSkrupellos
High
YonaCMS Software 1.3.2 Database Disclosure
05.04.2019
KingSkrupellos
Med.
Senayan Slims Meranti 5 Database Disclosure
04.04.2019
KingSkrupellos
Med.
ClipBucket 2.6 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Luya CMS 1.0.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
OpenMonero MyMonero 1.1.9 Database Disclosure
04.04.2019
KingSkrupellos
Med.
RainCMS Alpha 1.0 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Complaint Management System CMS 4.0.4.1 Database Disclosure
04.04.2019
KingSkrupellos
Med.
Mash Project Integrated 4.2.7.1 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
DataWrapper ProtoType 0.8 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Ektron CMS 9 Database Disclosure Exploit
02.04.2019
KingSkrupellos
Med.
Shinobi Security Software 1.0 Database Disclosure Exploit
02.04.2019
KingSkrupellos
High
WordPress Ultimate Form Builder Plugins 1.0 Database Disclosure
28.03.2019
KingSkrupellos
Med.
WordPress 2.0.2 WP-Forum Plugins 1.7.8 Database Disclosure
27.03.2019
KingSkrupellos
Med.
Independent University of Bangladesh IUB Database Disclosure
22.03.2019
KingSkrupellos
Med.
F3-CMS FatFreeFramework 0.0.1 Database Disclosure
15.02.2019
KingSkrupellos
High
WordPress Ad Manager WD 1.0.11 Arbitrary File Download
29.01.2019
41!kh4224rDz
Med.
Papoo CMS PKalender Plugins 3.5 Database Disclosure
28.01.2019
KingSkrupellos
Med.
Joomla RSFirewall Components 2.11.25 Database and Password Disclosure
25.01.2019
KingSkrupellos
Med.
Joomla JVFramework Components 1.6.4.0 Database Disclosure
21.01.2019
KingSkrupellos
Med.
Joomla Akeeba Backup Components 6.3.3 Database Disclosure
19.01.2019
KingSkrupellos
Med.
Joomla FPSS Art Frontpage Slideshow Components 1.6.0 Database Disclosure / Open Redirection / SQL Injection
19.01.2019
KingSkrupellos
Low
Mozilla Firefox 64 Information Disclosure
18.01.2019
Dr. Vladimir Bostanov
Med.
Joomla ZHYandexMap Components 8.0.0.2 Database Disclosure
18.01.2019
KingSkrupellos
Med.
eBrigade ERP 4.5 Arbitrary File Download
11.01.2019
Ozkan Mustafa Akkus
Med.
Typo3 CMS twwc_pages Extension 8.7.x Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Site Crawler Extension 6.1.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS Static Info Tables Extension 6.7.3 Database Disclosure
04.01.2019
KingSkrupellos
Med.
Typo3 CMS pw_highslide_gallery Extension 0.3.1 Database Disclosure
04.01.2019
KingSkrupellos
Med.
PrestaShop PM_ModalCart Modules 1.6.1.4 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop PM_AdvancedSearch4 Modules 1.6.1.18 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop Google GSnippetsReviews Modules 1.6.1.4 Database Backup Disclosure
01.01.2019
KingSkrupellos
Med.
PrestaShop FacebookPsConnect Modules 1.6.1.4 Database Disclosure
01.01.2019
KingSkrupellos
Med.
Drupal 7 CivicRM Modules 5.8.2 Database Disclosure
01.01.2019
KingSkrupellos
Med.
WordPress Universal Post Manager 1.5.0 Database Disclosure
26.11.2018
KingSkrupellos
Med.
Joomla MacGallery Database Disclosure
26.11.2018
KingSkrupellos
Med.
EverSync 0.5 Arbitrary File Download
16.11.2018
Ihsan Sencan
Med.
RhinOS CMS 3.x Arbitrary File Download
30.10.2018
Ihsan Sencan
Med.
Open STA Manager 2.3 Arbitrary File Download
25.10.2018
Ihsan Sencan
Med.
Navigate CMS 2.8.5 Arbitrary File Download
17.10.2018
Ihsan Sencan
Med.
WordPress Dreamsmiths Themes 0.0.1 Arbitrary File Download
18.08.2018
IRaNHaCK Security Team
High
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) (KASLR & SMEP Bypass) Arbitrary File Read
10.08.2018
Andrey Konovalov


CVEMAP Search Results

CVE
Details
Description
2022-05-25
Waiting for details
CVE-2022-29248

Updating...
 

 
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.

 
2022-05-20
Waiting for details
CVE-2022-24906

Updating...
 

 
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available.

 
2022-05-17
Waiting for details
CVE-2022-24890

Updating...
 

 
Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There are currently no known workarounds.

 
Medium
CVE-2022-23671

Vendor: Arubanetworks
Software: Clearpass po...
 

 
A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

 
2022-05-05
Low
CVE-2022-27875

Vendor: F5
Software: Access for a...
 

 
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

 
Waiting for details
CVE-2022-25990

Updating...
 

 
On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

 
Medium
CVE-2021-39020

Vendor: IBM
Software: Guardium dat...
 

 
IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855.

 
2022-05-04
Medium
CVE-2022-25787

Updating...
 

 
Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7.

 
Medium
CVE-2022-20734

Vendor: Cisco
Software: Sd-wan vmanage
 

 
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system.

 
2022-05-03
Medium
CVE-2022-1214

Vendor: Axios
Software: Axios
 

 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top