Lucene search
K

1466 matches found

freebsd
freebsd
added 2007/06/01 12:0 a.m.25 views

wordpress -- unmoderated comments disclosure

Blogsecurity reports: An attacker can read comments on posts that have not been moderated. This can be a real security risk if blog admins are using unmoderated comments comments that have not been made public to hide sensitive notes regarding posts, future work, passwords etc. So please be caref...

1.6AI score
Exploits0References1
securityvulns
securityvulns
added 2007/05/18 12:0 a.m.53 views

eSyndiCat Input Validation Error Vulnerability

eSyndiCat is Directory websystem, a product of eSyndiCat.com It has security hole allow attackers get admin and more and more. Infected version: eSyndiCat Pro v1.x Infected file: manage-admins.php Use poc file to attack: ------------------------------------------------ pDiscovered by H2P - A memb...

Exploits0
cvelist
cvelist
added 2007/05/11 5:0 p.m.24 views

CVE-2007-2630

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All aka 12All 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and...

6.5AI score0.01311EPSS
Exploits0References6
patchstack
patchstack
added 2007/03/28 12:0 a.m.21 views

WordPress <= 2.1.2 - Cross Site Scripting

Because of this vulnerability in an mt import in wp-admin/admin.php, the authenticated administrators can inject arbitrary web script or HTML via the "demo" parameter Solution Update the WordPress to the latest available version at least 2.1.3...

3.5CVSS2.3AI score0.01539EPSS
Exploits0References1Affected Software1
exploitdb
exploitdb
added 2007/03/23 12:0 a.m.212 views

Active Auction Pro 7.1 - &#039;default.asp?catid&#039; SQL Injection

Title : Active Auction Remote SQL Injection Vulnerability Author : CyberGhost Demo Page : http://www.activewebsoftwares.com/demoactiveauction Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=1 Vuln. Username :...

7.4AI score
Exploits0
zdt
zdt
added 2007/03/21 12:0 a.m.29 views

Active Link Engine (default.asp catid) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================================= Active Link Engine default.asp catid Remote SQL Injection Vulnerability ========================================================================= Title : Active Link...

7.1AI score
Exploits0
seebug
seebug
added 2006/12/09 12:0 a.m.11 views

JPortalprint.phpSQL注入漏洞 Exploit

No description provided by source. Maciek Wierciski ([email protected])提供了如下测试方法: http://xxxxx/print.php?what=article&id=X AND 1=0 UNION SELECT id,id,nick,pass,id,id,id,id,id from admins LIMIT 1...

7.1AI score
Exploits0
nvd
nvd
added 2006/09/13 10:7 p.m.16 views

CVE-2006-4733

PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system SIPS 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the configsipssys parameter. NOTE: the product's documentation recommends placing the...

7.5CVSS7.5AI score0.03161EPSS
Exploits1References6
cve
cve
added 2006/09/13 10:0 p.m.45 views

CVE-2006-4733

CVE-2006-4733 : A PHP remote file inclusion vulnerability in sipssys/code/box.inc.php affects Haakon Nilsen’s SIPS up to version 0.3.1. The issue allows an attacker to execute arbitrary PHP code by supplying a URL in the config[sipssys] parameter. The vendor note states placing the affected file ...

7.5CVSS7.8AI score0.03161EPSS
Exploits1References6Affected Software1
cvelist
cvelist
added 2006/07/25 12:0 a.m.21 views

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...

6.2AI score0.00812EPSS
Exploits1References2
prion
prion
added 2006/05/01 11:2 p.m.18 views

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

5.5CVSS7.6AI score0.01215EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2005/12/05 12:0 a.m.35 views

HobSR SQL inj. vuln

HobSR SQL inj. vuln Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/hobsr-sql-inj-vuln.html vendor:www.hobosworld.com/scripts.php?id=5 affected version:1.0 and prior Product Description: HobSR is an top sites script where users sign up to have their...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2005/11/04 12:0 a.m.73 views

JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection

JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitati...

0.2AI score
Exploits0
atlassian
atlassian
added 2005/11/03 3:17 a.m.20 views

Project admin is presented with an option to select a Screen Scheme

The option of changing the scheme should only be given to the global admins...

1.4AI score
Exploits0Affected Software1
atlassian
atlassian
added 2005/11/03 3:17 a.m.20 views

Project admin is presented with an option to select a Screen Scheme

The option of changing the scheme should only be given to the global admins...

1.4AI score
Exploits0Affected Software1
atlassian
atlassian
added 2005/11/03 3:17 a.m.22 views

Project admin is presented with an option to select a Screen Scheme

The option of changing the scheme should only be given to the global admins...

1.4AI score
Exploits0
securityvulns
securityvulns
added 2005/09/26 12:0 a.m.26 views

Sql injection in jPortal version 2.3.1 &#40;module download&#41;

Versions: all from 2.2.1 to 2.3.1+Service Pack+shop jportalI check this bug only on one site SQL injection attack if magicquotesqpc=Off Problem is in file serching engine download.php, witch code is in “module/down.inc.php” file: code if$cat=='all' $q = "AND title LIKE '$word'"; else $q = "AND...

0.4AI score
Exploits0
packetstorm
packetstorm
added 2005/09/24 12:0 a.m.21 views

jPortalSQL.txt

Versions: all from 2.2.1 to 2.3.1+Service Pack+shop jportalI check this bug only on one site SQL injection attack if magicquotesqpc=Off Problem is in file serching engine download.php, witch code is in “module/down.inc.php” file: if$cat=='all' $q = "AND title LIKE '%$word%'"; else $q = "AND...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2005/09/07 12:0 a.m.41 views

mybbXSS.txt

XSS VULN IN ALL MYBB VERSIONS INCLUDING PR2 Vendor: given SEVEN days notice, no patch released! Just to say, I am apalled with the fact that I contacted MyBB on the 30 August, and was originally not planning to go public. However, because they have failed to release a patch I have decided to aler...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/09/06 12:0 a.m.25 views

[Full-disclosure] XSS VULN IN ALL MYBB VERSIONS &#40;INCLUDING PR2&#41;

XSS VULN IN ALL MYBB VERSIONS INCLUDING PR2 Vendor: given SEVEN days notice, no patch released! Just to say, I am apalled with the fact that I contacted MyBB on the 30 August, and was originally not planning to go public. However, because they have failed to release a patch I have decided to aler...

6.2AI score
Exploits0
Rows per page
Query Builder