SIGMA Lite & Lite + Security Vulnerabilities
7.4AI Score
EPSS
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path...
7.5AI Score
0.156EPSS
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path...
7.5AI Score
0.156EPSS
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path...
8AI Score
0.156EPSS
PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path...
7.5AI Score
0.156EPSS
EclipseBB 0.5.0 Lite (phpbb_root_path) Remote File Include Exploit
No description provided by...
7.1AI Score
EclipseBB 0.5.0 Lite (phpbb_root_path) Remote File Include Exploit
Exploit for unknown platform in category web...
7.1AI Score
7.4AI Score
EPSS
EclipseBB 0.5.0 Lite - phpbb_root_path Remote File Inclusion
EclipseBB 0.5.0 Lite - phpbb_root_path Remote File...
-0.1AI Score
Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit 3
No description provided by...
7.1AI Score
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks,...
1.5AI Score
0.1EPSS
Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit
No description provided by...
7.1AI Score
Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit 2
No description provided by...
7.1AI Score
Woltlab Burning Board Search.PHP SQL注入漏洞
Woltlab Burning Board是一款基于PHP的WEB应用程序。 Woltlab Burning Board不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'Search.PHP'脚本对用户提交的WEB参数缺少过滤,提交恶意脚本代码作为参数数据,可导致获得敏感信息。 Woltlab Woltlab Burning Board Lite 1.0.2 WoltLab Burning Board Lite 1.0.2 WoltLab Burning Board Lite 1.0.1 e WoltLab Burning Board Lite...
7.1AI Score
Burning Board search.php boardids Parameter SQL Injection
The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in database queries. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated remote attacker...
7.7AI Score
WoltLab Burning Board search.php Multiple Parameter SQL Injection
The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in database queries. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated, remote attacker.....
0.4AI Score
0.003EPSS
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection (3)
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection...
0.2AI Score
7.4AI Score
EPSS
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection (2)
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection...
0.1AI Score
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection (1)
Woltlab Burning Board 1.0.22.3.6 - search.php SQL Injection...
0.1AI Score
Woltlab Burning Board <= 1.0.2 2.3.6 search.php SQL Injection Exploit 3
No description provided by...
7.1AI Score
Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit 2
Exploit for unknown platform in category web...
7.1AI Score
Woltlab Burning Board <= 1.0.2 2.3.6 search.php SQL Injection Exploit 2
No description provided by...
7.1AI Score
Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit
Exploit for unknown platform in category web...
7.1AI Score
7.4AI Score
EPSS
Woltlab Burning Board <= 1.0.2, 2.3.6 search.php SQL Injection Exploit 3
Exploit for unknown platform in category web...
7.1AI Score
7.4AI Score
EPSS
Woltlab Burning Board <= 1.0.2 2.3.6 search.php SQL Injection Exploit
No description provided by...
7.1AI Score
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors....
5.6AI Score
0.012EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors....
5.6AI Score
0.012EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors....
5.6AI Score
0.012EPSS
Powergap是一款基于PHP的WEB应用程序。 Powergap不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是多个脚本对用户提交的'shopid'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Powergap Powergap Lite Powergap Powergap Busines ...
7.1AI Score
PHlyMail Lite Mod.Listmail.PHP远程文件包含漏洞
PHlyMail Lite是一款基于PHP的WEB邮件程序。 PHlyMail Lite不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'mod.listmail.php'脚本对用户提交的'PM[path][handler]'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 PHlyMail PHlyMail 3.3.4 PHlyMail PHlyMail 3.0.2 .07 PHlyMail PHlyMail 3.0.2 .01 PHlyMail PHlyMail 3.0.2 .00...
7.1AI Score
Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from...
6.7AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to...
5.8AI Score
0.012EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to...
5.8AI Score
0.012EPSS
Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from...
8.2AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from...
8.6AI Score
0.002EPSS
Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from...
6.4AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to...
5.8AI Score
0.012EPSS
Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from...
6.4AI Score
0.005EPSS
Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from...
8.2AI Score
0.002EPSS
7.1AI Score
-0.3AI Score
Debian DSA-1228-1 : elinks - insufficient escaping
Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell...
0.5AI Score
0.843EPSS
[SECURITY] [DSA 1228-1] New elinks packages fix arbitrary shell command execution
Debian Security Advisory DSA 1228-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 5th, 2006 http://www.debian.org/security/faq Package : elinks Vulnerability : insufficient escaping...
6.2AI Score
0.843EPSS
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level...
8AI Score
0.054EPSS
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level...
7.7AI Score
0.054EPSS
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level...
7.7AI Score
0.054EPSS
NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion Vulnerabilities
No description provided by...
7.1AI Score