234 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/adminframe.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e)...
SQL injection
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/...
CVE-2008-2533
Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/adminframe.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e)...
PT-2007-6241 · Frontaccounting · Frontaccounting
Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7)...
CVE-2007-4741
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
SQL injection
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group...
CVE-2007-2248
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in the groups module or (2) the smileyid parameter in the smileys modsettings module...
CVE-2007-2191
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by...
CVE-2007-0372
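Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) adclass, (3) imageurl, (4) clickurl, (5) adcode, or (6) position parameter in modules/Advertising/admin/index.php;...
Yappa-NG Admin_Module_Deldir.Inc.PHP Remote File Inclusion Vulnerability
Yappa-NG is a PHP-based web application. Yappa-NG does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'AdminModuleDeldir.Inc.PHP' script does not filter the user-supplied 'configpathsrcinclude' parameter; supplying a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. yappa-ng yappa-ng 2.3.1 yappa-ng yappa-ng 2.3.0 yappa-ng yappa-ng 2.2.2 yappa-ng yappa-ng 2.2.1 yappa-ng yappa-...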
yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit
yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit. Critical Level: Dangerous. Vendor site:...
CVE-2006-4474
CVE-2006-4474 affects Joomla! prior to 1.0.11, enabling remote XSS via unspecified parameters in Admin Module Manager, Admin Help, and Search. The underlying issue is cross-site scripting that allows injection of arbitrary script/HTML. The entry notes the vulnerability in Joomla! before 1.0.11 an...
CVE-2006-4474
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search...
Directory traversal
Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue;...