SIGMA Lite & Lite + Security Vulnerabilities

securityvulns

OASYS Lite 1.0 "search.asp" XSS vuln.

OASYS Lite 1.0 "search.asp" XSS vuln. Vuln. discovered by: r0t Date: 25 Nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/oasys-lite-10-searchasp-xss-vuln.html Vendor: www.onlinetechtools.com Product link: http://www.onlinetechtools.com/products/oasyslite/ affected version: 1.0 and...

0.5AI Score

2005-11-25 12:00 AM
9
securityvulns

OKBSYS Lite 1.0 "search.asp" XSS vuln.

Online Knowledge Base System: Lite Edition 1.0 XSS vuln. Vuln. discovered by: r0t Date: 25 Nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/okbsys-lite-10-searchasp-xss-vuln.html Vendor: www.onlinetechtools.com Product link: http://www.onlinetechtools.com/products/okbsys/ affected...

0.3AI Score

2005-11-25 12:00 AM
19
securityvulns

OWOS Lite 3.0 SQL inj.

Online Work Order Suite: Lite Edition for ASP 3.0 SQL inj. Vuln. discovered by: r0t Date: 25 Nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/owos-lite-30-sql-inj.html Vendor: www.onlinetechtools.com Product link: http://www.onlinetechtools.com/products/owoslite/ affected version: 3.0...

0.8AI Score

2005-11-25 12:00 AM
8
nvd

CVE-2005-3697

Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in...

6.9AI Score

0.004EPSS

2005-11-21 11:03 AM
openvas

Trojan horses

An unknown service runs on this port. It is sometimes opened by Trojan horses. Unless you know for sure what is behind it,...

7.4AI Score

2005-11-03 12:00 AM
1868
openvas

Directory Scanner

This plugin attempts to determine the presence of various common dirs on the remote web...

9.9CVSS

8.1AI Score

0.975EPSS

2005-11-03 12:00 AM
1654
openvas

Comersus BackOffice Lite Administrative Bypass

Comersus ASP shopping cart is a set of ASP scripts creating an online shopping cart. It works on a database of your own choosing, default is msaccess, and includes online administration...

6.8AI Score

0.007EPSS

2005-11-03 12:00 AM
25
cve

CVE-2005-3020

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby.....

5.8AI Score

0.011EPSS

2005-09-21 10:03 PM
33
cve

CVE-2005-3022

Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php,....

8.5AI Score

0.002EPSS

2005-09-21 10:03 PM
26
cve

CVE-2005-3019

Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5)...

8.5AI Score

0.006EPSS

2005-09-21 10:03 PM
26
cve

CVE-2005-3023

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8)...

6AI Score

0.002EPSS

2005-09-21 10:03 PM
28
cve

CVE-2005-3021

image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload...

7.2AI Score

0.002EPSS

2005-09-21 10:03 PM
17
cve

CVE-2005-3024

Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5)...

8.5AI Score

0.002EPSS

2005-09-21 10:03 PM
26
cve

CVE-2005-3025

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4)...

5.8AI Score

0.002EPSS

2005-09-21 10:03 PM
22
cve

CVE-2005-2951

Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once...

8.2AI Score

0.056EPSS

2005-09-16 10:03 PM
30
jvn

JVN#97422426 Hyper NIKKI System cross-site request forgery vulnerability

Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers (including weblog...

6AI Score

2005-09-01 12:00 AM
8
nessus

Woltlab Burning Board modcp.php Multiple Parameter SQL Injection

The remote version of Burning Board / Burning Board Lite is prone to SQL injection attacks due to its failure to sanitize user-supplied input to the 'x' and 'y' parameters of the 'modcp.php' script before using it in database queries. Provided an attacker has moderator privileges, these flaws may.....

0.5AI Score

0.002EPSS

2005-08-30 12:00 AM
16
securityvulns

[SA16388] PHlyMail Unspecified Login Bypass Vulnerability

Are you interested in a new job in IT security? Secunia has two vacancies for junior and senior IT security specialists: http://secunia.com/secunia_vacancies/ TITLE: PHlyMail Unspecified Login Bypass Vulnerability SECUNIA ADVISORY ID: SA16388 VERIFY ADVISORY:...

0.6AI Score

2005-08-10 12:00 AM
9
exploitdb

7.4AI Score

EPSS

2005-08-08 12:00 AM
25
exploitpack

PHP Lite Calendar Express 2.2 - login.php?cid SQL Injection

PHP Lite Calendar Express 2.2 - login.php?cid SQL...

0.3AI Score

2005-08-08 12:00 AM
11
exploitdb

7.4AI Score

EPSS

2005-08-08 12:00 AM
32
exploitpack

PHP Lite Calendar Express 2.2 - auth.php?cid SQL Injection

PHP Lite Calendar Express 2.2 - auth.php?cid SQL...

0.3AI Score

2005-08-08 12:00 AM
8
exploitpack

PHP Lite Calendar Express 2.2 - Subscribe.php?cid SQL Injection

PHP Lite Calendar Express 2.2 - Subscribe.php?cid SQL...

0.3AI Score

2005-08-08 12:00 AM
6
packetstorm

quickDoS.txt

...

-0.4AI Score

2005-08-05 12:00 AM
12
securityvulns

Quick 'n Easy FTP Server 3.0 pro / lite (buffer overflow vulnerabilities)

Details: Input to the user commands is not properly checked and/or filtered. Issuing a long argument to the user (about 1024 characters) commands will cause the corresponding process to die without any error message. These vulnerabilities exist in both the professional version 3.0 and lite version....

0.3AI Score

2005-08-03 12:00 AM
19
exploitdb

7.4AI Score

EPSS

2005-08-02 12:00 AM
36
exploitpack

Quick n EasY 3.0 FTP Server - Remote Denial of Service

Quick n EasY 3.0 FTP Server - Remote Denial of...

0.3AI Score

2005-08-02 12:00 AM
3
nessus

FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (5d51d245-00ca-11da-bc08-0001020eed82)

An Ethereal Security Advisory reports : Our testing program has turned up several more security issues : The LDAP dissector could free static memory and crash. The AgentX dissector could crash. The 802.3 dissector could go into an infinite loop. The PER dissector could abort. The DHCP...

0.1AI Score

2005-08-01 12:00 AM
7
nessus

FreeBSD : vim -- vulnerabilities in modeline handling: glob, expand (81f127a8-0038-11da-86bc-000e0c2e438a)

Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob() or expand() functions. An attacker could trick a user to read or edit a trojaned file with modelines.....

1AI Score

0.007EPSS

2005-08-01 12:00 AM
13
freebsd

ethereal -- multiple protocol dissectors vulnerabilities

An Ethereal Security Advisory reports: Our testing program has turned up several more security issues: The LDAP dissector could free static memory and crash. The AgentX dissector could crash. The 802.3 dissector could go into an infinite loop. The PER dissector could abort. The DHCP...

AI Score

2005-07-26 12:00 AM
7
freebsd

vim -- vulnerabilities in modeline handling: glob, expand

Georgi Guninski discovered a way to construct Vim modelines that execute arbitrary shell commands. The vulnerability can be exploited by including shell commands in modelines that call the glob() or expand() functions. An attacker could trick a user to read or edit a...

7AI Score

0.007EPSS

2005-07-25 12:00 AM
12
cve

CVE-2004-2229

Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain...

6.7AI Score

0.003EPSS

2005-07-17 04:00 AM
27
cvelist

CVE-2004-2229

Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain...

6.3AI Score

0.003EPSS

2005-07-17 04:00 AM
nessus

FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (76adaab0-e4e3-11d9-b875-0001020eed82)

An Ethereal Security Advisory reports : An aggressive testing program as well as independent discovery has turned up a multitude of security issues. Please reference CVE/URL list for...

-0.1AI Score

0.066EPSS

2005-07-13 12:00 AM
8
nessus

FreeBSD : vim -- vulnerabilities in modeline handling (bd9fc2bf-5ffe-11d9-a11a-000a95bc6fae)

Ciaran McCreesh discovered new ways in which a VIM modeline can be used to trojan a text file. The patch by Bram Moolenaar reads : Problem: Unusual characters in an option value may cause unexpected behavior, especially for a modeline. (Ciaran McCreesh) Solution: Don't allow setting termcap...

-0.3AI Score

0.001EPSS

2005-07-13 12:00 AM
9
nessus

FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (cb470368-94d2-11d9-a9e0-0001020eed82)

An Ethereal Security Advisory reports : Issues have been discovered in the following protocol dissectors : Matevz Pustisek discovered a buffer overflow in the Etheric dissector. CVE: CAN-2005-0704 The GPRS-LLC dissector could crash if the 'ignore cipher bit' option was enabled. CVE:...

0.1AI Score

0.025EPSS

2005-07-13 12:00 AM
10
nessus

FreeBSD : ethereal -- multiple vulnerabilities (efa1344b-5477-11d9-a9e7-0001020eed82)

An Ethereal Security Advisory reports : Issues have been discovered in the following protocol dissectors : Matthew Bing discovered a bug in DICOM dissection that could make Ethereal crash. An invalid RTP timestamp could make Ethereal hang and create a large temporary file, possibly filling...

6.9AI Score

0.025EPSS

2005-07-13 12:00 AM
4
nessus

FreeBSD : ethereal -- multiple protocol dissectors vulnerabilities (831a6a66-79fa-11d9-a9e7-0001020eed82)

An Ethereal Security Advisory reports : Issues have been discovered in the following protocol dissectors : The COPS dissector could go into an infinite loop. CVE: CAN-2005-0006 The DLSw dissector could cause an assertion. CVE : CAN-2005-0007 The DNP dissector could cause memory corruption....

0.5AI Score

0.036EPSS

2005-07-13 12:00 AM
9
cve

CVE-2004-2195

PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc...

7.6AI Score

0.014EPSS

2005-07-10 04:00 AM
22
Total number of security vulnerabilities: 8308