CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1596 matches found

Cvelist•added 2009/06/18 9:0 p.m.•17 views

CVE-2009-2114

Multiple cross-site scripting XSS vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the 1 mgroup, 2 mgr, 3 objtype, 4 id, and 5 dir parameters...

5.8AI score0.01142EPSS

Exploits1References5

Cvelist•added 2009/06/18 9:0 p.m.•13 views

CVE-2009-2115

admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...

5.8AI score0.00242EPSS

Exploits0References3

NVD•added 2009/06/16 7:30 p.m.•7 views

CVE-2009-2080

admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to 1 obtain sensitive configuration information via the editconfig action or 2 change the administrator's password via the id parameter in an editop action...

7.5CVSS6.5AI score0.04693EPSS

Exploits0References3

Cvelist•added 2009/06/12 5:28 p.m.•11 views

CVE-2009-2037

Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 GLOBALSSKIN parameter to index.php and the 2 skin...

7.3AI score0.03023EPSS

Exploits0References3

seebug.org•added 2009/06/11 12:0 a.m.•17 views

MRCGIGUY FreeTicket (CH/SQL) Multiple Remote Vulnerabilities

No description provided by source. MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algerie 3-1 Egypt...

7.1AI score

Exploits0

0day.today•added 2009/06/10 12:0 a.m.•19 views

MRCGIGUY FreeTicket (CH/SQL) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================ MRCGIGUY FreeTicket CH/SQL Multiple Remote Vulnerabilities ============================================================ MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founde...

7.1AI score

Exploits0

exploitpack•added 2009/06/10 12:0 a.m.•17 views

mrcgiguy freeticket - Cookie Handling SQL Injection

mrcgiguy freeticket - Cookie Handling SQL Injection MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algeri...

1AI score

Exploits0

Exploit DB•added 2009/06/10 12:0 a.m.•40 views

mrcgiguy freeticket - Cookie Handling / SQL Injection

MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algerie 3-1 Egypt Exploit: ------ Cookies insecure...

7.4AI score

Exploits0

Packet Storm•added 2009/06/03 12:0 a.m.•17 views

Flashlight Free Edition Local File Inclusion / SQL Injection

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Flashlight Free Edition - LFI/SQL Multiple Remote Vul XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RATM: "All hell can't stop us now!" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --Author : k4m1k451 --E-mail :...

0.3AI score

Exploits0

seebug.org•added 2009/06/02 12:0 a.m.•29 views

Flashlight Free Edition (LFI/SQL) Multiple Remote Vulnerabilities

No description provided by source. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Flashlight Free Edition - LFI/SQL Multiple Remote Vul XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RATM: "All hell can't stop us now!" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX...

7.1AI score

Exploits0

exploitpack•added 2009/06/02 12:0 a.m.•12 views

flashlight free edition - Local File Inclusion SQL Injection

flashlight free edition - Local File Inclusion SQL Injection XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Flashlight Free Edition - LFI/SQL Multiple Remote Vul XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX RATM: "All hell can't stop us now!"...

0.3AI score

Exploits0

Cvelist•added 2009/05/29 4:24 p.m.•14 views

CVE-2009-1816

SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter aka the username field. NOTE: some of these details are obtained from third party information...

8.3AI score0.00397EPSS

Exploits1References5

CVE•added 2009/05/29 4:24 p.m.•40 views

CVE-2009-1816

CVE-2009-1816 is a SQL injection vulnerability affecting admin.php in My Game Script 2.0, exploitable via the user parameter (username field) to execute arbitrary SQL commands remotely. The vulnerability description notes that some details come from third-party information. The CVE has multiple r...

7.5CVSS8.6AI score0.00397EPSS

Exploits1References5Affected Software1

Prion•added 2009/05/22 8:30 p.m.•8 views

Remote file inclusion

PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the formincludetemplate parameter...

7.5CVSS8.1AI score0.0369EPSS

Exploits1References3Affected Software1

Prion•added 2009/05/22 8:30 p.m.•10 views

Authentication flaw

admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified formadminuser and formadminpass parameters...

7.5CVSS7.9AI score0.04014EPSS

Exploits1References3Affected Software1

Prion•added 2009/05/22 8:30 p.m.•12 views

Code injection

Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpreconfig.php via the formaula parameter...

7.5CVSS7.8AI score0.03691EPSS

Exploits1References3Affected Software1

CVE•added 2009/05/22 8:0 p.m.•44 views

CVE-2009-1781

CVE-2009-1781 describes a static code injection vulnerability in admin.php of Frax.dk Php Recommend 1.3 and earlier. The issue allows remote attackers to inject arbitrary PHP code into phpre_config.php through the form_aula parameter, indicating a file/configuration handling flaw in older version...

7.5CVSS7.5AI score0.03691EPSS

Exploits1References3Affected Software1

Cvelist•added 2009/05/22 8:0 p.m.•16 views

CVE-2009-1780

7.3AI score0.04014EPSS

Exploits1References3

NVD•added 2009/05/18 12:0 p.m.•14 views

CVE-2009-1658

Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 user username and 2 password parameters. NOTE: some of these details are obtained from third party information...

7.5CVSS8.7AI score0.00202EPSS

Exploits1References5

Prion•added 2009/05/18 12:0 p.m.•11 views

Sql injection

7.5CVSS9.3AI score0.00202EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by