Show filters
150 Total Results
Displaying 91-100 of 150
Sort by:
Attacker Value
Unknown

CVE-2015-3162

Disclosure Date: September 06, 2017 (last updated November 26, 2024)
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
0
0
Attacker Value
Unknown

CVE-2017-11349

Disclosure Date: July 17, 2017 (last updated November 26, 2024)
dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data.
0
0
Attacker Value
Unknown

CVE-2017-11165

Disclosure Date: July 12, 2017 (last updated November 26, 2024)
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
0
0
Attacker Value
Unknown

CVE-2017-9771

Disclosure Date: June 21, 2017 (last updated November 26, 2024)
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
0
0
Attacker Value
Unknown

CVE-2017-9360

Disclosure Date: June 02, 2017 (last updated November 26, 2024)
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
0
0
Attacker Value
Unknown

CVE-2017-9361

Disclosure Date: June 02, 2017 (last updated November 26, 2024)
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
0
0
Attacker Value
Unknown

CVE-2017-7410

Disclosure Date: April 03, 2017 (last updated November 08, 2023)
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-1208

Disclosure Date: May 14, 2016 (last updated November 25, 2024)
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2015-5190

Disclosure Date: September 03, 2015 (last updated October 05, 2023)
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
0
0
Attacker Value
Unknown

CVE-2015-5189

Disclosure Date: September 03, 2015 (last updated October 05, 2023)
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
0
0
View More Topics  < Previous  Next >