Lucene search
+L

256 matches found

Exploit DB
Exploit DB
added 2005/07/27 12:0 a.m.27 views

Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14395/info Clever Copy is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/07/27 12:0 a.m.17 views

Clever Copy 2.0 - Private Message Unauthorized Access

source: https://www.securityfocus.com/bid/14397/info Clever Copy is affected by an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper access validation checks before granting access to private message functions. An attacker can exploit this...

7.4AI score
Exploits0
NVD
NVD
added 2005/07/19 4:0 a.m.18 views

CVE-2005-2324

Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to 1 results.php or 2 categorysearch.php...

4.3CVSS5.7AI score0.02751EPSS
Exploits1References1
NVD
NVD
added 2005/07/19 4:0 a.m.14 views

CVE-2005-2323

Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the 1 id parameter to viewattach.php, 2 viewuserid parameter to users.php, or the 3 id or 4 forum parameter to viewforum.php...

7.5CVSS7.8AI score0.02705EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/07/19 4:0 a.m.23 views

CVE-2005-2323

Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the 1 id parameter to viewattach.php, 2 viewuserid parameter to users.php, or the 3 id or 4 forum parameter to viewforum.php...

7.8AI score0.02705EPSS
Exploits1References7
NVD
NVD
added 2005/07/19 4:0 a.m.18 views

CVE-2005-2322

Cross-site scripting XSS vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the 1 viewuserid or 2 group parameter to users.php...

4.3CVSS5.7AI score0.01382EPSS
Exploits1References6
NVD
NVD
added 2005/07/19 4:0 a.m.21 views

CVE-2005-2325

Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to 1 ticker.php, 2 menu.php, 3 banned.php, 4 endlayout.php, 5 randomhlinesblock.php, 6 showlast.php, 7 showlast5class1.php, 8 showlast5phorum.php, 9 showlast5phorumblock.php, 10...

5CVSS6.6AI score0.01846EPSS
Exploits1References1
Cvelist
Cvelist
added 2005/07/19 4:0 a.m.20 views

CVE-2005-2325

Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to 1 ticker.php, 2 menu.php, 3 banned.php, 4 endlayout.php, 5 randomhlinesblock.php, 6 showlast.php, 7 showlast5class1.php, 8 showlast5phorum.php, 9 showlast5phorumblock.php, 10...

6.6AI score0.01846EPSS
Exploits1References1
NVD
NVD
added 2005/07/19 4:0 a.m.18 views

CVE-2005-2326

Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...

4.3CVSS5.7AI score0.02702EPSS
Exploits1References1
CVE
CVE
added 2005/07/19 4:0 a.m.61 views

CVE-2005-2326

CVE-2005-2326 is a Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a that allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php. The NVD entry provides a MEDIUM severity (CVSSv2 base score 4.3) with network access and no authenticat...

4.3CVSS5.7AI score0.02702EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2005/07/19 4:0 a.m.47 views

CVE-2005-2324

CVE-2005-2324 affects Clever Copy 2.0 and 2.0a. The vulnerability is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php. The cited sources confirm the vulner...

4.3CVSS5.7AI score0.02751EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2005/07/19 4:0 a.m.23 views

CVE-2005-2326

Cross-site scripting XSS vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php...

5.7AI score0.02702EPSS
Exploits1References1
CVE
CVE
added 2005/07/19 4:0 a.m.57 views

CVE-2005-2323

Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the following parameters: (1) id in viewattach.php, (2) viewuser_id in users.php, and (3) id or (4) forum in viewforum.php. Affecte...

7.5CVSS8.3AI score0.02705EPSS
Exploits1References7Affected Software2
exploitpack
exploitpack
added 2005/07/15 12:0 a.m.12 views

Clever Copy 2.0 - calendar.php Cross-Site Scripting

Clever Copy 2.0 - calendar.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2005/07/15 12:0 a.m.22 views

cleverXSS.txt

Clever copy 'calendar.php' 'yr' variable cross site scripting vendor url:http://clevercopy.bestdirectbuy.com advisory:http://lostmon.blogspot.com/2005/07/ clever-copy-calendarphp-yr-variable.html vendor notify: yes exploit available:yes Clever Copy is a free, fully scalable web site portal and ne...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/07/15 12:0 a.m.19 views

Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. An attacker may leverage this issue...

7.4AI score
Exploits0
Rows per page
Query Builder