Lucene search
+L

114 matches found

canvas
canvas
added 2009/06/30 10:30 a.m.68 views

Immunity Canvas: ZENCART_REMOTE

Name| zencartremote ---|--- CVE| CVE-2009-2255 Exploit Pack| CANVAS Description| zencartremote Notes| Repeatability: Infinite CVE URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2255 VENDOR: www.zen-cart.com/ CVSS: 6.8 CVE Name: CVE-2009-2255...

6.8CVSS0.8AI score0.30966EPSS
Exploits4
CVE
CVE
added 2009/06/30 10:0 a.m.79 views

CVE-2009-2255

Zen Cart 1.3.8a, 1.3.8 and earlier are affected by an authentication bypass in admin/record_company.php that allows remote code execution. The vulnerability occurs because admin authentication is not enforced for that module; an attacker can upload a PHP file via the record_company_image paramete...

6.8CVSS7.9AI score0.30966EPSS
Exploits4References7Affected Software1
CVE
CVE
added 2008/08/13 10:0 a.m.59 views

CVE-2008-2255

Microsoft Internet Explorer 5.01, 6, and 7 suffer a memory corruption vulnerability (uninitialized memory) that can lead to a denial of service and remote code execution via unknown vectors. The connected advisories associate CVE-2008-2255 with MS08-045 (Cumulative Security Update for Internet Ex...

9.3CVSS7.4AI score0.29062EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/08/13 12:0 a.m.50 views

MS08-045: Cumulative Security Update for Internet Explorer (953838)

The remote host is missing the IE cumulative security update 953838. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid33874;...

9.3CVSS6.2AI score0.35222EPSS
Exploits6References7
CVE
CVE
added 2007/10/14 8:0 p.m.43 views

CVE-2002-2255

The CVE-2002-2255 entry describes an XSS vulnerability in phpBB 2.0.3 and possibly earlier versions. The issue enables remote attackers to inject arbitrary web script or HTML via the search_username parameter in the searchuser mode, potentially compromising user sessions or data integrity. Accord...

4.3CVSS6.1AI score0.01436EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2007/04/26 7:19 p.m.21 views

Remote file inclusion

PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insertlink.php in download engine Download-Engine 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spawroot parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in...

7.5CVSS7.3AI score0.01744EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/04/25 5:19 p.m.17 views

CVE-2007-2255

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...

7.5CVSS7.3AI score0.01744EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/04/25 5:0 p.m.28 views

CVE-2007-2255

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...

7.3AI score0.01744EPSS
Exploits0References6
CVE
CVE
added 2007/04/25 5:0 p.m.61 views

CVE-2007-2255

CVE-2007-2255 affects Download-Engine 1.4.3 and describes multiple PHP remote file inclusion vulnerabilities. The vulnerabilities allow an attacker to supply a URL in parameters (eng_dir to addmember.php, lang_path to admin/enginelib/class.phpmailer.php, and spaw_root to admin/includes/spaw/dialo...

7.5CVSS7.4AI score0.01744EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/05/09 10:0 a.m.38 views

CVE-2006-2255

The CVE-2006-2255 entry concerns Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier. Affected parameters include article_id (ArticleView.php), forum_id (DiscView.php or Discussions.php), event_id (EventView.php), AddVote and answer_id (PollResults.php), and mid (D...

7.5CVSS8.5AI score0.02376EPSS
Exploits1References11Affected Software1
CVE
CVE
added 2005/07/13 4:0 a.m.59 views

CVE-2005-2255

CVE-2005-2255 describes a directory traversal in PhpAuction 2.5 where an attacker can manipulate the lan parameter in index.php or admin/index.php to read arbitrary files, include local PHP files, or glean sensitive path information. The root cause is improper validation of the lan parameter allo...

6.4CVSS6.3AI score0.01507EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2004/12/31 5:0 a.m.19 views

CVE-2004-2255

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename...

6.4CVSS6.9AI score0.01983EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2004/08/11 12:0 a.m.32 views

phpMyFAQ index.php action Parameter Local File Inclusion

The version of phpMyFAQ on the remote host contains a flaw that may lead to an unauthorized information disclosure. The problem is that user input passed to the 'action' parameter is not properly verified before being used to include files, which could allow a remote attacker to view any accessib...

6.4CVSS5.6AI score0.01983EPSS
Exploits0References3
NVD
NVD
added 2002/12/31 5:0 a.m.20 views

CVE-2002-2255

Cross-site scripting XSS vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the searchusername parameter in searchuser mode...

4.3CVSS5.8AI score0.01436EPSS
Exploits1References3
Rows per page
Query Builder