Lucene search
K

1815 matches found

Prion
Prion
added 2007/01/09 2:28 a.m.15 views

Sql injection

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via 1 the cat parameter to albmgr.php, and possibly 2 the gid parameter to usermgr.php; 3 the start parameter to dbecard.php; and the...

6.5CVSS8.9AI score0.03022EPSS
Exploits1References11Affected Software1
NVD
NVD
added 2007/01/09 2:28 a.m.13 views

CVE-2007-0115

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php...

6CVSS7.5AI score0.01087EPSS
Exploits1References5
CVE
CVE
added 2007/01/09 2:0 a.m.49 views

CVE-2007-0122

Coppermine Photo Gallery 1.4.10 and earlier has multiple SQL injection vulnerabilities that allow remote authenticated administrators to execute arbitrary SQL commands. Affected parameters include (1) cat in albmgr.php, (2) gid in usermgr.php, (3) start in db_ecard.php, and (4) albumid in unspeci...

6.5CVSS8.2AI score0.03022EPSS
Exploits1References11Affected Software1
Cvelist
Cvelist
added 2006/12/29 11:0 a.m.20 views

CVE-2006-6815

Multiple cross-site scripting XSS vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to 1 setpreferences.asp, 2 sendpasswordpreferences.asp, and 3 SecureLoginManager/list.asp in the...

5.5AI score0.00924EPSS
Exploits0References3
NVD
NVD
added 2006/12/07 1:28 a.m.11 views

CVE-2006-6347

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector...

6.5CVSS6.5AI score0.01152EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/12/07 1:0 a.m.20 views

CVE-2006-6347

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector...

6.5AI score0.01152EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2006/12/04 11:28 a.m.5 views

CVE-2006-6284

Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. dot dot sequence in the act parameter...

9CVSS5.8AI score0.03754EPSS
Exploits0References7
Cvelist
Cvelist
added 2006/11/06 6:0 p.m.17 views

CVE-2006-5738

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors...

8.1AI score0.00851EPSS
Exploits0References2
NVD
NVD
added 2006/07/25 1:22 p.m.20 views

CVE-2006-3826

Multiple cross-site scripting XSS vulnerabilities in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 userlogin, 2 fullname, and 3 URL parameters in register.php; and allow remote authenticated administrators to...

4.3CVSS5.5AI score0.01359EPSS
Exploits1References7
NVD
NVD
added 2006/07/25 1:22 p.m.14 views

CVE-2006-3827

SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter...

6.5CVSS8AI score0.01213EPSS
Exploits1References7
CVE
CVE
added 2006/07/25 12:0 a.m.44 views

CVE-2006-3828

The CVE-2006-3828 entry concerns Kailash Nadh’s boastMachine (formerly bMachine)

6.5CVSS7.7AI score0.01183EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2006/07/25 12:0 a.m.48 views

CVE-2006-3826

CVE-2006-3826: XSS in Kailash Nadh boastMachine (3.1 and earlier) allows remote injection via register.php parameters (user_login, full_name, URL) and via admin interface parameters (cat_list, key); no exploitation status or patch details are provided in the connected documents.

4.3CVSS5.7AI score0.01359EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2006/07/25 12:0 a.m.55 views

CVE-2006-3830

The CVE-2006-3830 issue affects Kailash Nadh’s boastMachine (formerly bMachine) up to version 3.1. Remote authenticated administrators can upload files with arbitrary extensions to the bmc/Inc/Lang directory. The uploaded files are not served over HTTP, so exploitation hinges on a local usage pat...

4CVSS6.5AI score0.00812EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2006/05/19 10:2 a.m.11 views

CVE-2006-2467

BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address...

4CVSS6.3AI score0.01224EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/05/15 4:0 p.m.20 views

CVE-2005-4800

Direct static code injection vulnerability in Yet Another PHP Image Gallery YaPIG 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a modinfo action to modifygallery.php, which inserts the code into guidinfo.php. NOTE: this...

6.9AI score0.0219EPSS
Exploits1References5
NVD
NVD
added 2006/05/12 12:2 a.m.14 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

6.5CVSS7.1AI score0.03386EPSS
Exploits1References4
Prion
Prion
added 2006/05/12 12:2 a.m.18 views

Code injection

Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

6.5CVSS7.9AI score0.03386EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2006/05/12 12:0 a.m.17 views

CVE-2006-2335

Jelsoft vBulletin accepts uploads of Cascading Style Sheets CSS and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed...

7.1AI score0.03386EPSS
Exploits1References4
NVD
NVD
added 2006/05/01 11:2 p.m.22 views

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

5.5CVSS7.2AI score0.01215EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/05/01 11:0 p.m.25 views

CVE-2006-2129

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

7.2AI score0.01215EPSS
Exploits0References6
Rows per page
Query Builder