200 Total Results
Displaying 121-130 of 200
Attacker Value
Unknown
CVE-2017-5494
Disclosure Date: January 15, 2017 (last updated November 25, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
Attacker Value
Unknown
CVE-2017-5480
Disclosure Date: January 15, 2017 (last updated November 25, 2024)
Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.
Attacker Value
Unknown
CVE-2016-10039
Disclosure Date: December 24, 2016 (last updated November 25, 2024)
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/getfiles.
Attacker Value
Unknown
CVE-2016-10037
Disclosure Date: December 24, 2016 (last updated November 25, 2024)
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, related to browser/directory/getlist.
Attacker Value
Unknown
CVE-2016-10038
Disclosure Date: December 24, 2016 (last updated November 25, 2024)
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to browser/directory/remove.
Attacker Value
Unknown
CVE-2016-9479
Disclosure Date: December 02, 2016 (last updated November 25, 2024)
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.
Attacker Value
Unknown
CVE-2010-5310
Disclosure Date: August 04, 2015 (last updated October 05, 2023)
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
Attacker Value
Unknown
CVE-2014-9734
Disclosure Date: June 30, 2015 (last updated October 05, 2023)
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
Attacker Value
Unknown
CVE-2015-5151
Disclosure Date: June 30, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter in a revslider_ajax_action action to wp-admin/admin-ajax.php.
Attacker Value
Unknown
CVE-2014-9735
Disclosure Date: June 30, 2015 (last updated October 05, 2023)
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for WordPress do not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.