CVE-2009-2114
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters...
CVE-2009-2114
SkyBlueCanvas 1.1 r237 contains multiple cross-site scripting (XSS) vulnerabilities in admin.php. The issue allows remote attackers to inject arbitrary web script or HTML via the parameters mgroup, mgr, objtype, id, and dir. The CVE entry confirms XSS but does not provide exploit details, affecte...
CVE-2009-2115
Affected software: SkyBlueCanvas 1.1 r237. Vulnerability: admin.php exposes an information disclosure vulnerability where a remote authenticated administrator can trigger an error message via an invalid id parameter that reveals the installation path. Root cause: improper handling of the id pa...
CVE-2009-2120
CVE-2009-2120 affects TekBase All-in-One 3.1, with multiple SQL injection vulnerabilities that let remote authenticated users execute arbitrary SQL commands. Affected vectors include the (1) ids parameter to admin.php and the (2) y parameter to members.php, among others. At least one vector is no...
CVE-2009-2115
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
CVE-2009-2080
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action...
CVE-2009-2037
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin...
MRCGIGUY FreeTicket (CH/SQL) Multiple Remote Vulnerabilities
No description provided by source. MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algerie 3-1 Egypt...
mrcgiguy freeticket - Cookie Handling SQL Injection
mrcgiguy freeticket - Cookie Handling SQL Injection MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algeri...
MRCGIGUY FreeTicket (CH/SQL) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications MRCGIGUY FreeTicket CH/SQL Multiple Remote Vulnerabilities MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founde...
mrcgiguy freeticket - Cookie Handling / SQL Injection
MRCGIGUY FreeTicket Multiple Remote Vulnerabilities Founder: ThE g0bL!N ------ Home: http:/www.4ckx.com/dz/ ---- Download: http://www.mrcgiguy.com/cgi-bin/freedown.cgi?id=1 Vendor:http://www.mrcgiguy.com Special Thx: Snakespc His0k4 Note: Algerie 3-1 Egypt Exploit: ------ Cookies insecure...
Flashlight Free Edition Local File Inclusion / SQL Injection
Flashlight Free Edition - LFI/SQL Multiple Remote Vul RATM: "All hell can't stop us now!" --Author : k4m1k451 --E-mail :...
Flashlight Free Edition (LFI/SQL) Multiple Remote Vulnerabilities
No description provided by source. Flashlight Free Edition - LFI/SQL Multiple Remote Vul RATM: "All hell can't stop us now!"...
flashlight free edition - Local File Inclusion SQL Injection
flashlight free edition - Local File Inclusion SQL Injection Flashlight Free Edition - LFI/SQL Multiple Remote Vul RATM: "All hell can't stop us now!"...
CVE-2009-1816
CVE-2009-1816 is a SQL injection vulnerability affecting admin.php in My Game Script 2.0, exploitable via the user parameter (username field) to execute arbitrary SQL commands remotely. The vulnerability description notes that some details come from third-party information. The CVE has multiple r...
CVE-2009-1816
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information...
Remote file inclusion
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter...
Authentication flaw
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters...
Code injection
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter...
CVE-2009-1781
CVE-2009-1781 describes a static code injection vulnerability in admin.php of Frax.dk Php Recommend 1.3 and earlier. The issue allows remote attackers to inject arbitrary PHP code into phpre_config.php through the form_aula parameter, indicating a file/configuration handling flaw in older version...