Directory Security Vulnerabilities
SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list...
8.7AI Score
0.001EPSS
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified...
6.5AI Score
0.004EPSS
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR...
7.8AI Score
0.057EPSS
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP...
6.8AI Score
0.027EPSS
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid...
8.7AI Score
0.002EPSS
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid...
8.7AI Score
0.001EPSS
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained...
6.7AI Score
0.022EPSS
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd...
8.4AI Score
0.001EPSS
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid...
8.4AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search...
5.7AI Score
0.003EPSS
Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control...
7.5AI Score
0.029EPSS
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open...
8.2AI Score
0.002EPSS
Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector 1.12 and earlier, HPSI eTrust Connector 1.02 and earlier, HPSI OID Connector 1.02...
5.5AI Score
0.0004EPSS
Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP...
7.7AI Score
0.594EPSS
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression...
6.3AI Score
0.097EPSS
Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP...
6.4AI Score
0.109EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject.....
5.5AI Score
0.003EPSS
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name...
8.4AI Score
0.001EPSS
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink...
8.3AI Score
0.001EPSS
JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to...
7.2AI Score
0.048EPSS
PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd...
7.5AI Score
0.022EPSS
Multiple unspecified vulnerabilities in HP Select Identity (HPSI) Active Directory Bidirectional LDAP Connector 2.20, 2.20.001, 2.20.002, and 2.30 allow remote attackers to execute arbitrary code via unspecified...
7.8AI Score
0.014EPSS
Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.4AI Score
0.001EPSS
Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. ...
7.3AI Score
0.019EPSS
Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action...
5.7AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to...
8.6AI Score
0.001EPSS
Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular...
7.8AI Score
0.063EPSS
SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than...
8.3AI Score
0.006EPSS
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the...
6.8AI Score
0.01EPSS
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list...
7.9AI Score
0.001EPSS
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary...
7AI Score
0.005EPSS
Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, does not properly restrict access to CGI scripts, which allows remote attackers to perform administrative...
6.4AI Score
0.015EPSS
Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the...
7.3AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
5.6AI Score
0.002EPSS
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown...
7.2AI Score
0.0004EPSS
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this...
6.6AI Score
0.016EPSS
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such...
6.9AI Score
0.015EPSS
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by...
6.9AI Score
0.02EPSS
SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat...
8.3AI Score
0.001EPSS
SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id...
8.4AI Score
0.001EPSS
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to...
8.3AI Score
0.066EPSS
Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a...
5.4AI Score
0.001EPSS
Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party...
6.7AI Score
0.043EPSS
Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the...
6.9AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory...
5.6AI Score
0.002EPSS
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat...
8.4AI Score
0.001EPSS
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that....
8.3AI Score
0.015EPSS
PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page...
7.5AI Score
0.093EPSS
Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to...
8.5AI Score
0.006EPSS