News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN...
7.1AI Score
0.021EPSS
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to...
8.4AI Score
0.007EPSS
Expinion.net News Manager Lite 2.5 - search.asp Cross-Site Scripting
-0.1AI Score
Expinion.net News Manager Lite 2.5 - category_news.asp?ID SQL Injection
0.5AI Score
Expinion.net News Manager Lite 2.5 - NEWS_LOGIN?admin Cookie Authentication Bypass
0.5AI Score
Expinion.net News Manager Lite 2.5 - 'category_news_headline.asp' Cross-Site Scripting
Expinion.net News Manager Lite 2.5 - category_news_headline.asp Cross-Site Scripting
-0.1AI Score
Expinion.net News Manager Lite 2.5 - news_sort.asp?filter SQL Injection
0.3AI Score
Expinion.net News Manager Lite 2.5 - 'NEWS_LOGIN?admin' Cookie Authentication Bypass
Expinion.net News Manager Lite 2.5 - comment_add.asp Cross-Site Scripting
-0.1AI Score
Expinion.net News Manager Lite 2.5 - more.asp?ID SQL Injection
0.5AI Score
The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with...
6.7AI Score
0.006EPSS
eCommerce Corporation Online Store Kit 3.0 - shop_by_brand.php?cat_manufacturer SQL Injection
0.3AI Score
ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro) Published: 17 february 2004 Released: 17 february 2004 Name: Online Store Kit Products (Lite - Standard - Pro) Affected Systems: 3.0 Issue: Sql Injection Vulnerability....
-0.4AI Score
[Full-Disclosure] CactuSoft CactuShop 5.0 Lite shopping cart software backdoor
S-Quadra Advisory #2004-02-06 Topic: CactuSoft CactuShop 5.0 Lite shopping cart software backdoor Severity: High Vendor URL: http://www.cactushop.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040206.txt Release date: 06 Feb 2004 DESCRIPTION CactuShop is an ASP application for...
-0.1AI Score
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote)...
5.7AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote)...
5.9AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote)...
5.7AI Score
0.006EPSS
SnapStream PVS LITE Cross Site Scripting Vulnerability
Application: SnapStream PVS Vendor : http://www.snapstream.com Versions: LITE Platforms: Windows/Unix Bug: Cross Site Scripting Vulnerability Risk: Low Exploitation: Remote with browser Date: 6 Jan 2004 Author: Rafel...
0.4AI Score
-0.3AI Score
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (caret), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or...
7.3AI Score
0.006EPSS
-0.4AI Score
[Full-Disclosure] SECURITY ADVISORY
SECURITY ADVISORY IMPACT: DoS SEVERITY: High VENDOR: http://www.Wap-Serv.com CONTACT: [email protected] , +44 (0)1628 634240 PRODUCT: http://www.wap-serv.com/product.htm WapServ Lite, WapServ Pro, WapServ Enterprise DISTRIBUTION: ALREADY NOTIFIED PUBLIC DOMAIN AND VENDOR...
-0.4AI Score
ICQ Pro 2003a Password Bypass exploit (ca1-icq.asm)
Exploit for unknown platform in category local...
6.8AI Score
7.4AI Score
0.2AI Score
7.1AI Score
Software: ICQ 2003a Threat: Login password can be bypassed locally I have found a vulnerability in ICQ Pro 2003a that allows anyone to connect to ICQ server using any account registered locally regardless of whether the 'save password' option is checked or not. High level security password is also...
0.4AI Score
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious...
7AI Score
0.0004EPSS
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious...
6.6AI Score
0.0004EPSS
ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Control" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious...
6.6AI Score
0.0004EPSS
bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenger ...
1.3AI Score
During installation Interactive Users: Full Control permission is added to executables...
4.5AI Score
-0.2AI Score
Upload Lite upload.cgi Arbitrary File Upload
The Upload Lite (upload.cgi) CGI script is installed. This script has a well-known security flaw that lets anyone upload arbitrary files on the remote web server. Note that Nessus did not test whether uploads are possible, only that the script...
-0.2AI Score
Vulnerability in Upload Lite 3.22 that could allow somebody to upload/execute code on a remote host.
There is a vulnerability in Upload Lite 3.22 that could allow somebody to upload/execute code on a remote host. The exploit was tested on Windows and as far as I know it will only work on Windows. It will not work on *nix because of file permissions. Upload Lite 3.22 from...
-0.6AI Score
1.4AI Score
3.2AI Score
Security bug in CGI::Lite::escape_dangerous_chars() function
SUBJECT Security bug in CGI::Lite::escape_dangerous_chars() function, part of the CGI::Lite 2.0 package, and earlier revisions thereof. SUMMARY The CGI::Lite::escape_dangerous_chars() function fails to escape the entire set of special characters that may have...
0.3AI Score
Cyboards Remote Code Execution
Cyboards PHP Lite Vulnerability ( By Mindwarper :: [email protected] :: ) <------- -------> Vendor Information: Homepage : http://www.gold-sonata.com Vendor : informed Mailed advisory: 13/01/03 Vendor Response : None yet (possibly because they have no contact page and the report was sent to...
2.2AI Score
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or...
5.8AI Score
0.002EPSS
SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by supplying a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to...
6.8AI Score
0.012EPSS