PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf...
7.7AI Score
0.15EPSS
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability
[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability Software: ActualAnalyzer Type: Remote File Include Vulnerability Date: April, 19th 2006 Vendor: ActualScripts Page: http://actualscripts.com Risk: High Credits: Discovered by: 'Aesthetico' http://www.majorsecurity.de Affected...
0.6AI Score
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks,...
1.5AI Score
0.003EPSS
Leadhound multiple vuln. Vuln. discovered by : r0t Date: 18 april 2006 vendor: http://www.leadhoundnetwork.com/ affected versions: Leadhound "Full Remote version" & Leadhound LITE 2.1 original advisory: http://pridels.blogspot.com/2006/04/leadhound-multiple-vuln.html Product info: Secure private...
0.1AI Score
Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...
5.6AI Score
0.007EPSS
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party...
5.7AI Score
0.007EPSS
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is...
6.7AI Score
0.016EPSS
[eVuln] CyBoards PHP Lite SQL Injection Vulnerability
New eVuln Advisory: CyBoards PHP Lite SQL Injection Vulnerability http://evuln.com/vulns/91/summary.html --------------------Summary---------------- eVuln ID: EV0091 CVE: CVE-2006-1134 Software: CyBoards PHP Lite Software's Web Site:...
0.7AI Score
0.011EPSS
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks,...
1.5AI Score
CyBoards PHP Lite 1.211.25 - post.php SQL Injection
7.4AI Score
Often see newbies asking the ocean to the top of the ASP Trojan related issues Here I collect some common questions and give the answer! =File description===================================================== 2 0 0 6. asp Haiyang top nets ASP Trojan 2 0 0 6 Edition files unpack. vbs package...
-0.1AI Score
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2)...
8.5AI Score
0.011EPSS
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2)...
8.5AI Score
0.011EPSS
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2)...
9.2AI Score
0.011EPSS
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2)...
8.5AI Score
0.011EPSS
LISTSERV contains multiple buffer overflow vulnerabilities in the WA CGI script
Overview Several buffer overflow vulnerabilities have been discovered in LISTSERV. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Description L-Soft's LISTSERV is an email list management software package. It includes a Web Archive and...
0.3AI Score
0.254EPSS
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has...
7.8AI Score
0.254EPSS
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has...
7.8AI Score
0.254EPSS
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has...
8.4AI Score
0.254EPSS
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has...
7.7AI Score
0.254EPSS
Critical Risk Vulnerability in L-Soft Listserv
Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a critical risk rating. Affected versions include: LISTSERV version 14.4, including LISTSERV Lite and HPO LISTSERV version 14.3, including LISTSERV...
1.2AI Score
JVN#65542239 Hyper NIKKI System allows unauthorized email submission
Impact An attacker could use the server to send unauthorized emails. In addition, when the server provides email service, the attacker could possibly conduct a DoS attack by generating many bounced emails. ## Solution ## Products Affected hns-2.19.6 (hns-lite-2.19.6) and earlier On March 8...
6.8AI Score
[eVuln] Magic News Lite PHP Code Execution & Unauthorized Data Modification
New eVuln Advisory: Magic News Lite PHP Code Execution & Unauthorized Data Modification http://evuln.com/vulns/72/summary.html --------------------Summary---------------- eVuln ID: EV0072 CVE: CVE-2006-0723 CVE-2006-0724 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com...
1.2AI Score
0.026EPSS
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks,...
1.5AI Score
-0.2AI Score
0.026EPSS
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks,...
1.5AI Score
[eVuln] Magic Calendar Lite Authentication Bypass
New eVuln Advisory: Magic Calendar Lite Authentication Bypass http://evuln.com/vulns/71/summary.html --------------------Summary---------------- eVuln ID: EV0071 CVE: CVE-2006-0673 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Calendar Lite Software's Web...
0.7AI Score
0.008EPSS
Magic Calendar Lite 1.02 - index.php SQL Injection
0.1AI Score
7.4AI Score
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...
6.9AI Score
0.003EPSS
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...
7.3AI Score
0.003EPSS
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...
6.8AI Score
0.003EPSS
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...
6.8AI Score
0.003EPSS
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...
7.4AI Score
0.003EPSS
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...
6.9AI Score
0.003EPSS
GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...
6.8AI Score
0.003EPSS
ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions and bypass Windows security warnings via a filename that ends in an assumed-safe extension such as JPG, and possibly...
6.9AI Score
0.003EPSS
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path...
6.6AI Score
0.026EPSS
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path...
7.3AI Score
0.026EPSS
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables,.....
6.8AI Score
0.023EPSS
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path...
6.6AI Score
0.026EPSS
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables,.....
7.4AI Score
0.023EPSS
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables,.....
6.8AI Score
0.023EPSS
PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path...
6.6AI Score
0.026EPSS
profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables,.....
6.8AI Score
0.023EPSS
Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT
Mirabiliz ICQ 2002/2003/ LITE 4.0/4.1 LONG (DIRECTORY + FILENAME) EXPLOIT Found this 'bug' about 1 year n a half ago. If u drag and drop a folder containing 1 or more file from your computer into the nick of someone in your contact list it is possible to send a full directory... The possibility to....
0.6AI Score
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password...
8.5AI Score
0.008EPSS
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password...
9.2AI Score
0.008EPSS
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password...
8.5AI Score
0.008EPSS