YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
/* Kuon <Armorize Security Team> Kuon-[at]-Armorize.com YaPiG thanks_comment.php Cross-Site Scripting Vulnerability Contact : Kuon-[at]-Armorize.com Link : www.Armorize.com */ Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b...
0.4AI Score
[KAPDA::#55] - Joomla poll component vulnerability
KAPDA New advisory Vendor: http://www.joomla.org Vulnerable: 1.0.10 (prior versions also maybe Affected) Bug: user session validation weakness Exploitation: Remote with browser Poc: available Description: From vendor's website. Joomla! is an award-winning Content Management System (CMS) that....
0.6AI Score
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI
WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI Original advisory: http://www.bb-pcsecurity.de/Websecurity/311/org/WEBInsta_Mailing_list_manager_(cabsolute_path)_1.3e_RFI.htm ...
0.2AI Score
MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php)
Title : MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) Discovered By :::: {{AG-Spider & KaBaRa.HaCk .eGy}} Affected software description : Application : MiniBB Forum 1.5a (search.php-whosOnline.php) version : version [ 1.5 ]...
1.5AI Score
ampleShop™ eCommerce Software vuln.
ampleShop™ eCommerce Software vuln. Vuln. discovered by : r0t Date: 25 April 2006 vendor:www.amplecom.com/ affected versions:2.1 and previous original advisory:http://pridels.blogspot.com/2006/04/ampleshop-ecommerce-software-vuln.html Vuln. Description: ampleShop™ contains a flaw that allows a...
0.9AI Score
Bypass the invitation to join the Windows Live™ Mail-vulnerability warning-the black bar safety net
First, log into your MSN or Hotmail account and modify your personal information: Language -> English, Country -> United States, State -> Florida. 2. Copy the following address into your browser (IE address bar only) and press Enter. http://by101fd.bay101.hotmail.msn.com/cgi-bin/BetaOptIn?page=option&curmbox=0 0...
0.5AI Score
Tangora™ Portal CMS XSS vuln. Vuln. discovered by : r0t Date: 21 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/tangora-portal-cms-xss-vuln.html vendor:http://www.tangora.com/ affected version:4.0 and prior Product Description: Tangora™ Portal CMS makes it easy for small and...
-0.2AI Score
Mercury CMS™ vuln. Vuln. discovered by : r0t Date: 18 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/mercury-cms-vuln.html vendor:http://www.mercury-cms.com affected version:4.0 and prior Product Description: Mercury CMS™ v4.0 is an extensible, modular, enterprise-level content...
0.5AI Score
Honeycomb Archive & Honeycomb Archive Enterprise vuln.
Honeycomb Archive & Honeycomb Archive Enterprise vuln. Vuln. discovered by : r0t Date: 17 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/honeycomb-archive-honeycomb-archive.html vendor:http://www.quicksquare.com/ affected version:Honeycomb Archive 3.0 and Honeycomb Archive...
0.9AI Score
EPiX™ Search query XSS vuln. Vuln. discovered by : r0t Date: 17 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/epix-search-query-xss-vuln.html vendor:http://www.go-epix.net/ affected version:3.1.2 and prior Product Description: EPIX is a low cost portal solution with CMS...
-0.5AI Score
QuickPayPro™ 3.1 Multiple vuln.
QuickPayPro™ 3.1 Multiple vuln. Vuln. discovered by : r0t Date: 14 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/quickpaypro-31-multiple-vuln.html vendor:http://quickpaypro.com/ affected version:3.1 and prior Product Description: QuickPayPro.com has been Online for over 3 years...
0.6AI Score
Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution:
Zen-Cart <= 1.2.6d blind SQL injection / remote commands execution: software: site: http://www.zencart.com/ description:"Zen Cart™ truly is the art of e-commerce; a free, user-friendly, open source shopping cart system. The software is being developed by group of...
-0.2AI Score
EZ Invoice Inc™ v 2.0 SQL inj.
EZ Invoice Inc™ v 2.0 SQL inj. Vuln. discovered by : r0t Date: 25 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/ez-invoice-inc-v-20-sql-inj.html Vendor:http://www.ezinvoiceinc.com/ affected version:v 2.0 and prior Product description: This software is the easiest way create and...
0.2AI Score
Mambo Open Source, Path disclosure
[KAPDA::#11] - Mambo Open Source, Path disclosure KAPDA New advisory Vendor: http://www.mamboserver.com Vulnerable Versions: 4.5.2.3 , 4.5.2.2 , 4.5.2.1 ,4.5.2 Bug: path disclosure Exploitation: Remote with browser Discussion: Mambo is a feature-rich dynamic portal engine/content management tool...
0.3AI Score
Multiple CMS/Forum Vulnerabilities
Multi-CMS/Forum Vulnerabilities Found by ap0c hackers pacifico & ratboy Yo! Ok, well a couple new vulnerabilities have been found by.. us :) First; e107 xss--- [link=http://w000000w00tw00t/asdadLI[link= onMouseOver='alert(document.cookie);' h1d3="]<[size=24]HIGHLIGHT...
-0.1AI Score
Computer Associates Message Queuing software vulnerable to buffer overflows
Overview Computer Associates Message Queuing software contains buffer overflow conditions, which may allow a remote attacker to execute arbitrary code with elevated privileges. Description Computer Associates Message Queuing (CAM / CAFT) is a software component that provides messaging services....
0.9AI Score
0.952EPSS
[Full-disclosure] SiteMinder Multiple Vulnerabilities
/* $ An open security advisory #10 - Siteminder v5.5 Vulnerabilities 1: Bug Researcher: c0ntex - c0ntexb[at]gmail.com 2: Bug Released: July 08 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Remote $ This advisory and/or proof of concept code must not be used for commercial gain. ...
-0.4AI Score
[ZH2005-13SA] NEXTWEB (i)Site website management multiple vulnerabilities
ZH2005-13SA (security advisory): NEXTWEB (i)Site™ multiple vulnerabilities Published: 1 June 2005 - GOOD MONTH EVERYBODY ;-) Released: 1 June 2005 Name: (i)Site™ Affected Versions: ALL Issue: SQL injections, exception handling, unsafe directories Author: Trash-80 - [email protected] Vendor:...
AI Score
Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241
Product : RaidenFTPD Affected Versions : < 2.4.2241 Author: Lachlan. H Date vendor notified: 19/04/2005 Patch released: 20/04/2005 Disclosure: 02/05/2005 Product Description: RaidenFTPD is an easy-to-use ftp server software for Windows™. With this handy tool you can...
0.3AI Score
Microsoft Security Bulletin MS05-012
Microsoft Security Bulletin MS05-012 Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) Issued: February 8, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows, Microsoft Exchange Server, Microsoft Office, or other third party...
1.7AI Score
0.495EPSS
7AI Score
Microsoft Security Bulletin MS04-030 Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151) Issued: October 12, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Denial of Service Maximum...
-0.1AI Score
0.945EPSS
Microsoft Security Bulletin MS04-036 Vulnerability in NNTP Could Allow Remote Code Execution (883935) Issued: October 12, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows or Microsoft Exchange Server Impact of Vulnerability: Remote Code Execution Maximum....
0.9AI Score
0.955EPSS
Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) Issued: September 14, 2004 Version: 1.0 Summary Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected...
1.9AI Score
0.957EPSS
Microsoft Security Bulletin MS04-021
Microsoft Security Bulletin MS04-021 Security Update for IIS 4.0 (841373) Issued: July 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® NT® 4.0 Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important Recommendation:...
0.9AI Score
0.037EPSS
Microsoft Security Bulletin MS04-020 Vulnerability in POSIX Could Allow Code Execution (841872) Issued: July 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® 2000 or Windows NT 4.0 Impact of Vulnerability: Local Elevation of Privilege Maximum...
1AI Score
0.004EPSS
Microsoft Security Bulletin MS04-022 Vulnerability in Task Scheduler Could Allow Code Execution (841873) Issued: July 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical.....
0.4AI Score
0.861EPSS
Microsoft Security Bulletin MS04-019 Vulnerability in Utility Manager Could Allow Code Execution (842526) Issued: July 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® 2000 Impact of Vulnerability: Local Elevation of Privilege Maximum Severity...
0.8AI Score
0.012EPSS
Microsoft Security Bulletin MS04-023
Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315) Issued: July 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
0.5AI Score
0.477EPSS
Microsoft Security Bulletin MS04-024
Microsoft Security Bulletin MS04-024 Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) Issued: July 13, 2004 Version: 1.2 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...
0.2AI Score
0.968EPSS
Microsoft Security Bulletin MS04-018
Microsoft Security Bulletin MS04-018 Cumulative Security Update for Outlook Express (823353) Issued: July 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Outlook Express® Impact of Vulnerability: Denial of Service Maximum Severity Rating: Moderate...
-0.2AI Score
0.061EPSS
Blackboard Learning System - Stealing documents out of the digital dropbox
Advisory: Blackboard Learning System - Stealing documents out of the digital dropbox Blackboard The Blackboard Learning System is a Web-based server software platform that offers course management. More information can be found on: http://www.blackboard.com/ Affected Systems Blackboard Learning...
-0.6AI Score
Microsoft Security Bulletin MS04-016 Vulnerability in DirectPlay Could Allow Denial of Service (839643) Issued: June 8, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Denial of Service Maximum Severity Rating: Moderate...
0.5AI Score
0.294EPSS
Zen Cart login.php SQL Injection Vulnerability
Overview: "Zen Cart™ truly is the art of e-commerce; a free, user-friendly, open source shopping cart system." Description: An input validation vulnerability has been reported in Zen Cart, allowing a remote user to inject SQL commands. The '/admin/login.php' file does not properly validate...
1.8AI Score
0.2AI Score
0.002EPSS
6.5CVSS
6.6AI Score
EPSS
Microsoft Security Bulletin MS04-015 Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) Issued: May 11, 2004 Updated: May 11, 2004 Version: 1.1 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of Vulnerability: Remote Code...
0.7AI Score
0.961EPSS
6.8AI Score
EPSS
0.4AI Score
0.033EPSS
Microsoft Security Bulletin MS04-014
Microsoft Security Bulletin MS04-014 Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001) Issued: April 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of vulnerability: Remote Code Execution Maximum...
AI Score
0.1EPSS
Microsoft Security Bulletin MS04-013
Microsoft Security Bulletin MS04-013 Cumulative Security Update for Outlook Express (837009) Issued: April 13, 2004 Version: 1.0 Summary Who should read this document: Customers who have Microsoft® Outlook Express® installed Impact of vulnerability: Remote Code Execution Maximum Severity Rating:...
-0.1AI Score
0.968EPSS
Microsoft Security Bulletin MS04-011
Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows (835732) Issued: April 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of vulnerability: Remote Code Execution Maximum Severity Rating: Critical Recommendation:...
0.3AI Score
0.972EPSS
Microsoft Security Bulletin MS04-012
Microsoft Security Bulletin MS04-012 Cumulative Update for Microsoft RPC/DCOM (828741) Issued: April 13, 2004 Version: 1.0 Summary Who should read this document: Customers who use Microsoft® Windows® Impact of vulnerability: Remote Code Execution Maximum Severity Rating: Critical Recommendation:...
-0.4AI Score
0.78EPSS
Microsoft Security Bulletin MS04-008
Microsoft Security Bulletin MS04-008 Vulnerability in Windows Media Services Could Allow a Denial of Service (832359) Issued: March 9, 2004 Version: 1.0 Summary Who Should Read This Document: Customers who are using Microsoft® Windows® 2000 Impact of Vulnerability: Denial of Service Maximum...
1.1AI Score
0.857EPSS
FlexWATCH-Webs 2.2 (NTSC) Authorization Bypass
Application: FlexWATCH-Webs Vendors: Seyeon TECH Co., Ltd. http://www.flexwatch.com/ http://www.seyeon.co.kr Versions: <= 2.2 (NTSC) Platforms: Windows Bug: Authorization Bypass Risk: Very High Exploitation: Remote with browser Date: 26 Jan 2004 Author: Rafel Ivgi, The-Insider e-mail: t...
0.5AI Score
Microsoft Security Bulletin MS04-007
Microsoft Security Bulletin MS04-007 ASN.1 Vulnerability Could Allow Code Execution (828028) Issued: February 10, 2004 Version Number: 1.0 Summary Who should read this document: Customers who are using Microsoft® Windows® Impact of vulnerability: Remote Code Execution Maximum Severity Rating:...
0.2AI Score
0.974EPSS
Microsoft Security Bulletin MS04-006
Microsoft Security Bulletin MS04-006 Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352) Issued: February 10, 2004 Version Number: 1.0 Summary Who should read this document: Customers who are using Microsoft® Windows Internet Naming Service (WINS)®...
-0.1AI Score
0.967EPSS
Microsoft Security Bulletin MS04-004
Microsoft Security Bulletin MS04-004 Cumulative Security Update for Internet Explorer (832894) Issued: February 2, 2004 Version: 1.0 Summary Who should read this document: Customers who are using Microsoft® Internet Explorer Impact of vulnerability: Remote Code Execution Maximum Severity Rating:...
-0.2AI Score
0.974EPSS
Microsoft Security Bulletin MS04-003
Microsoft Security Bulletin MS04-003 Buffer Overrun in MDAC Function Could Allow Code Execution (832483) Issued: January 13, 2004 Version: 1.0 Summary Who should read this document: Customers who are using Microsoft® Windows® Impact of vulnerability: Remote code execution Maximum Severity Rating:.....
0.6AI Score
0.429EPSS
Microsoft Security Bulletin MS03-051
Microsoft Security Bulletin MS03-051 Print Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360) Issued: November 11, 2003 Version: 1.0 Summary Who should read this document: Customers using Microsoft® FrontPage Server Extensions ® Impact of vulnerability:...
0.2AI Score
0.971EPSS