Web Security Vulnerabilities

CVE-2006-5713

Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details...

5.8 AI Score

0.003 EPSS

2006-11-04 01:07 AM
18

CVE-2006-5714

Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data...

6.7 AI Score

0.018 EPSS

2006-11-04 01:07 AM
43

CVE-2006-5654

Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE:...

6 AI Score

0.073 EPSS

2006-11-03 12:07 AM
21

CVE-2006-5635

SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW...

8.8 AI Score

0.002 EPSS

2006-11-01 12:07 AM
24

CVE-2006-5597

join.asp in MiniHTTP Web Forum & File Server PowerPack 4.0 allows remote attackers to add or modify arbitrary user accounts via modified (1) frmMailBox and (2) frmUserPass...

7.2 AI Score

0.042 EPSS

2006-10-28 12:07 AM
22

CVE-2006-5514

SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid...

8.8 AI Score

0.003 EPSS

2006-10-26 04:07 PM
40

CVE-2006-5495

Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e)...

8 AI Score

0.398 EPSS

2006-10-25 10:07 AM
25

CVE-2006-5480

PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath...

8 AI Score

0.041 EPSS

2006-10-24 08:07 PM
22

CVE-2006-5447

Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action...

5.9 AI Score

0.011 EPSS

2006-10-23 05:07 PM
29

CVE-2006-5441

PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from...

7.3 AI Score

0.012 EPSS

2006-10-20 11:07 PM
29

CVE-2006-5258

The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is...

8.1 AI Score

0.086 EPSS

2006-10-12 10:07 PM
15

CVE-2006-5112

Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET...

7.7 AI Score

0.823 EPSS

2006-10-03 04:03 AM
15

CVE-2006-5118

PHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root...

7.9 AI Score

0.039 EPSS

2006-10-03 04:03 AM
19

CVE-2006-5063

Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML...

5.5 AI Score

0.03 EPSS

2006-09-28 12:07 AM
31

CVE-2006-5053

PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page...

8 AI Score

0.193 EPSS

2006-09-28 12:07 AM
32

CVE-2006-4946

PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path...

7.6 AI Score

0.082 EPSS

2006-09-23 01:07 AM
21

CVE-2006-4763

IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken...

6.8 AI Score

0.021 EPSS

2006-09-13 11:07 PM
15

CVE-2006-4746

PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l...

7.5 AI Score

0.012 EPSS

2006-09-13 10:07 PM
24

CVE-2002-2217

Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to...

8 AI Score

0.076 EPSS

2006-09-11 04:00 PM
27

CVE-2006-4654

Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query...

6.7 AI Score

0.037 EPSS

2006-09-09 12:04 AM
23

CVE-2006-4603

NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null...

7.3 AI Score

0.069 EPSS

2006-09-07 12:04 AM
20

CVE-2006-4302

The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain...

7 AI Score

0.017 EPSS

2006-08-23 01:04 AM
22

CVE-2006-4238

SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category...

8.8 AI Score

0.002 EPSS

2006-08-21 06:04 PM
27

CVE-2006-4230

Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade...

8 AI Score

0.039 EPSS

2006-08-18 08:04 PM
16

CVE-2006-3921

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded...

6.1 AI Score

0.003 EPSS

2006-07-28 11:04 PM
23

CVE-2006-0817

Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in...

6.7 AI Score

0.115 EPSS

2006-07-21 02:03 PM
27

CVE-2006-0818

Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC...

6.5 AI Score

0.118 EPSS

2006-07-21 02:03 PM
33

CVE-2006-3595

The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug...

6.9 AI Score

0.038 EPSS

2006-07-18 03:37 PM
17

CVE-2006-3574

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka...

6.1 AI Score

0.025 EPSS

2006-07-13 10:05 AM
18

CVE-2006-3522

Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web...

5.9 AI Score

0.006 EPSS

2006-07-12 12:05 AM
15

CVE-2006-3523

Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to...

6.7 AI Score

0.014 EPSS

2006-07-12 12:05 AM
22

CVE-2006-2963

Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext...

5.7 AI Score

0.004 EPSS

2006-06-12 08:06 PM
23

CVE-2006-2756

Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than...

6.6 AI Score

0.038 EPSS

2006-06-02 01:02 AM
23

CVE-2006-2746

Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including.....

5.8 AI Score

0.163 EPSS

2006-06-01 10:02 AM
26

CVE-2006-2744

PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l...

7.5 AI Score

0.081 EPSS

2006-06-01 10:02 AM
24

CVE-2006-2745

Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3)...

7.7 AI Score

0.605 EPSS

2006-06-01 10:02 AM
27

CVE-2006-2689

Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an...

5.8 AI Score

0.016 EPSS

2006-05-31 10:06 AM
25

CVE-2006-2690

An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide...

6.7 AI Score

0.004 EPSS

2006-05-31 10:06 AM
23

CVE-2005-4806

Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown...

6.9 AI Score

0.091 EPSS

2006-05-25 10:00 AM
24

CVE-2006-2501

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and.....

5.9 AI Score

0.015 EPSS

2006-05-20 03:02 AM
23

CVE-2006-2488

Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c)...

5.8 AI Score

0.004 EPSS

2006-05-19 11:02 PM
23

CVE-2006-2484

Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID...

5.7 AI Score

0.004 EPSS

2006-05-19 11:02 PM
22

CVE-2006-2358

Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details...

5.7 AI Score

0.003 EPSS

2006-05-15 10:02 AM
25

CVE-2006-2248

Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file...

6.8 AI Score

0.009 EPSS

2006-05-09 10:02 AM
21

CVE-2006-2114

Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long...

7.9 AI Score

0.026 EPSS

2006-05-01 07:06 PM
19

CVE-2006-2115

Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function...

7.7 AI Score

0.015 EPSS

2006-05-01 07:06 PM
26

CVE-2006-2087

The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device...

6.7 AI Score

0.047 EPSS

2006-04-29 10:02 AM
20

CVE-2006-1897

Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a...

6.5 AI Score

0.009 EPSS

2006-04-20 10:02 AM
27

CVE-2006-1682

Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml...

5.8 AI Score

0.008 EPSS

2006-04-11 12:02 AM
25

CVE-2006-1574

Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack...

5.7 AI Score

0.004 EPSS

2006-04-01 12:04 AM
23

Total number of security vulnerabilities: 2672