Lucene search
K

376 matches found

OSV
OSV
added 2010/08/23 10:0 p.m.3 views

DEBIAN-CVE-2010-1645

Cacti before 0.8.7f, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in 1 the FQDN field of a Device or 2 the Vertical Label field of a Graph Template...

6.5CVSS7.6AI score0.02804EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2010/05/19 8:30 p.m.4 views

CVE-2010-1984

Cross-site scripting XSS vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display...

2.1CVSS5.7AI score0.00991EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2010/05/19 8:0 p.m.2 views

CVE-2010-1976

Cross-site scripting XSS vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display...

2.1CVSS5.7AI score0.00991EPSS
Exploits0References7
CVE
CVE
added 2009/08/12 10:0 a.m.44 views

CVE-2008-6956

CVE-2008-6956 affects mxCamArchive 2.2 in the admin/admin.php component. It is a static code injection vulnerability that allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, with execution triggered by index.php. The C...

6.5CVSS7.1AI score0.04807EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2009/03/30 1:30 a.m.3 views

CVE-2008-6542

Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files...

4.6CVSS5.9AI score0.01606EPSS
Exploits0References6
CVE
CVE
added 2009/02/22 10:0 p.m.43 views

CVE-2009-0672

The CVE shows a SQL injection in the RavenNuke 2.30 Resend_Email module, exploitable via the user_prefix parameter to modules.php. Affected component: Raven Web Services (Resend_Email). Root cause: improper handling of user_prefix leads to arbitrary SQL commands when accessed by remote authentica...

6.5CVSS8.2AI score0.01255EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2008/12/23 6:30 p.m.19 views

CVE-2008-4305

Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI...

9CVSS6.8AI score0.03065EPSS
Exploits0References6
CVE
CVE
added 2008/12/11 3:0 p.m.45 views

CVE-2008-5434

CVE-2008-5434 affects PunBB 1.3 and 1.3.1, with multiple SQL injection vulnerabilities exploitable by remote authenticated administrators via (1) order_by or (2) direction in admin/users.php, and (3) configuration options in admin/settings.php. The underlying issue enables arbitrary SQL command e...

6.5CVSS8.2AI score0.01094EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2008/11/01 6:0 a.m.16 views

Unrestricted file upload

Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file...

8.5CVSS7.8AI score0.04021EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2008/06/18 10:41 p.m.3 views

CVE-2008-2761

Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in 1 searchbanners.asp and 2 listadvertisers.asp, and other unspecified fields. NOTE: some of these...

3.5CVSS5.5AI score0.0103EPSS
Exploits1References8
OSV
OSV
added 2008/05/21 1:24 p.m.4 views

DEBIAN-CVE-2008-2392

Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard...

9CVSS7.3AI score0.04279EPSS
Exploits0References1
OSV
OSV
added 2007/06/15 1:30 a.m.4 views

DEBIAN-CVE-2007-3238

Cross-site scripting XSS vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATHINFO REQUESTURI to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...

6CVSS6AI score0.02EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/05/11 5:0 p.m.24 views

CVE-2007-2630

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All aka 12All 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and...

6.5AI score0.01311EPSS
Exploits0References6
Patchstack
Patchstack
added 2007/03/28 12:0 a.m.21 views

WordPress <= 2.1.2 - Cross Site Scripting

Because of this vulnerability in an mt import in wp-admin/admin.php, the authenticated administrators can inject arbitrary web script or HTML via the "demo" parameter Solution Update the WordPress to the latest available version at least 2.1.3...

3.5CVSS2.3AI score0.01539EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2006/07/25 12:0 a.m.21 views

CVE-2006-3830

The Languages selection in the admin interface in Kailash Nadh boastMachine formerly bMachine 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this...

6.2AI score0.00812EPSS
Exploits1References2
Prion
Prion
added 2006/05/01 11:2 p.m.18 views

Code injection

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in setinc.php...

5.5CVSS7.6AI score0.01215EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder