Lucene search
K

1777 matches found

NVD
NVD
added 2007/08/08 10:17 p.m.25 views

CVE-2007-4239

Cross-site scripting XSS vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 21007062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter...

4.3CVSS5.7AI score0.01062EPSS
Exploits1References3
Cvelist
Cvelist
added 2007/08/08 10:0 p.m.28 views

CVE-2007-4239

Cross-site scripting XSS vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 21007062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter...

5.7AI score0.01062EPSS
Exploits1References3
CVE
CVE
added 2007/08/08 10:0 p.m.56 views

CVE-2007-4239

The CVE-2007-4239 entry describes a Cross-site scripting (XSS) vulnerability in the admin interface of C‑SAM oneWallet 210_07062007;1.0, specifically in user/forgotPassStep2.jsp. The issue allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. The provided docum...

4.3CVSS5.7AI score0.01062EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2007/08/08 12:0 a.m.35 views

csam-xss.txt

A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null%22%3e%3cscript%3ealert%22XSS!%22%3c%2fscript%3e Sucessfully tested with Version...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/08/07 12:0 a.m.52 views

C-SAM oneWallet forget password Cross Site Scripting vulnerability

A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null223e3cscript3ealert22XSS!223c2fscript3e Sucessfully tested with Version 21007062007;1.0...

0.3AI score
Exploits0
Cvelist
Cvelist
added 2007/07/06 7:0 p.m.20 views

CVE-2005-4856

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with 1...

6.1AI score0.01124EPSS
Exploits0References2
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.84571 views

[Full-disclosure] Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability

netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...

5.1CVSS0.7AI score0.07506EPSS
Exploits2
Packet Storm
Packet Storm
added 2007/05/08 12:0 a.m.1576 views

ag-traverse.txt

netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...

5.1CVSS6.7AI score0.07506EPSS
Exploits2
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.1069 views

Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities

netVigilance Security Advisory 11 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , htm...

7.1CVSS6.4AI score0.01828EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2007/04/12 7:19 p.m.5 views

CVE-2007-2000

Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 pseudo or 2 passe parameter...

7.5CVSS6.3AI score0.01037EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2007/04/12 7:19 p.m.2 views

CVE-2007-2001

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" background color field and other unspecified fields, which injects into config.inc.php3...

6.5CVSS6.2AI score0.02022EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/03/23 12:0 a.m.31 views

CVE-2007-1622

Cross-site scripting XSS vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATHINFO in the administration interface, related to loose...

5.1AI score0.05778EPSS
Exploits1References7
securityvulns
securityvulns
added 2007/02/28 12:0 a.m.55 views

Nullsoft ShoutcastServer Persistant XSS - 0day

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +--------------------------------------- - -- - | SaMuschie Research Labs proudly presents . . . +------------------------------------------- -- - - | Application: Nullsoft ShoutcastServer | Version: 1.9.7/Win32 other versions/platforms not tested |...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/02/19 12:0 a.m.77 views

Powerschool 404 Admin Exposure

Powerschool 4.3.6 and possibly other versions expose the admin interface when requesting any file with .js This allows one to see some directory and file names inside the admin folder. POC: http://powerschoolip/admin/.js Product's website does not provide email contact?...

1.2AI score
Exploits0
0day.today
0day.today
added 2007/02/13 12:0 a.m.37 views

Advanced Poll <= 2.0.5-dev Remote Code Execution Exploit

Exploit for unknown platform in category web applications ======================================================== Advanced Poll = 2.0.5-dev textfile RCE. date: 30/07/06 PHCKSEC c 2001-2006. Hey, what a mad world! use strict; use warnings; use LWP::UserAgent; use MD5; args: http://url/apollpath c...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2007/01/24 12:0 a.m.32 views

phplinkdirectory_070121.txt

Smilehouse Oy -= Security Advisory =- Advisory: PHP Link Directory XSS Vulnerability Release Date: 2007/01/21 Last Modified: 2007/01/21 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg, Associate of ISC² [email protected] Application: PHP Link Directory = 3.0.6...

7.4AI score
Exploits0
NVD
NVD
added 2007/01/22 6:28 p.m.22 views

CVE-2007-0402

Cross-site scripting XSS vulnerability in admin/editmember.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter...

6.8CVSS5.7AI score0.01141EPSS
Exploits0References4
NVD
NVD
added 2006/10/26 4:7 p.m.16 views

CVE-2006-5515

Cross-site scripting XSS vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface...

4.3CVSS5.6AI score0.0159EPSS
Exploits0References9
Cvelist
Cvelist
added 2006/10/26 4:0 p.m.29 views

CVE-2006-5515

Cross-site scripting XSS vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface...

5.6AI score0.0159EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2006/10/06 12:0 a.m.7 views

PT-2006-5910 · Buffalo · Buffalo Terastation Hd-Htgl

Name of the Vulnerable Software and Affected Versions: Buffalo TeraStation HD-HTGL firmware versions prior to 2.05 beta 1 Description: A cross-site request forgery issue exists in the administrative interface, allowing remote attackers to modify configurations or delete arbitrary data...

7.6CVSS6.8AI score0.01095EPSS
Exploits0References6
Rows per page
Query Builder