94 matches found

OSV
added 2015/08/03 2:59 p.m. · 1 views

DEBIAN-CVE-2015-3440

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...

CVSS 4.3 · AI score 5.9 · EPSS 0.14391
Exploits: 1 · References: 1
Positive Technologies
added 2015/05/04 12:0 a.m. · 1 views

PT-2015-6227 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.1.2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via a crafted character in a comment, potentially affecting WordPress installations that use MySQL without strict mode. Th...

CVSS 4.3 · AI score 6.3 · EPSS 0.14391
Exploits: 3 · References: 30
0day.today
added 2012/05/30 12:0 a.m. · 44 views

NewsAdd <=1.0 Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: NewsAdd <=1.0 Multiple SQL Injection Google Dork: ----------------------------------- Date: 2012/05/29 Author: WhiteCollarGroup Software Link: http://phpbrasil.com/script/3tCyUs1JeL1M/newsadd--mysql Version: 1.0 Tested on: Debian...

AI score 7.1
Exploits: 0
exploitpack
added 2011/01/10 12:0 a.m. · 25 views

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution #!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this->getInputString("page", "index"); //Get plugin...

AI score 8.1
Exploits: 0
Exploit DB
added 2011/01/10 12:0 a.m. · 65 views

Lotus CMS Fraise 3.0 - Local File Inclusion / Remote Code Execution

#!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this->getInputString("page", "index"); //Get plugin request if any $plugin = $this->getInputString("system", "Page"); //...

AI score 7.4
Exploits: 0
0day.today
added 2010/03/16 12:0 a.m. · 22 views

CSICE XSS and CSRF Vulnerability

Exploit for unknown platform in category web applications ================================ CSICE XSS and CSRF Vulnerability ================================ http://www.csice.org/ Suffers from XSS and CSRF cross site scripting and cross site request forgery attacks. The vulnerability lies in the...

AI score 7.1
Exploits: 0
seebug.org
added 2009/08/14 12:0 a.m. · 10 views

Ignition 1.2 (comment) Remote Code Injection Vulnerability

No description provided by source. Ignition Remote Code Execution AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr Download :...

AI score 7.1
Exploits: 0
OpenVAS
added 2009/06/19 12:0 a.m. · 19 views

LightNEasy < 2.2.1 / 2.2.2 XSS Vulnerability

LightNEasy is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVSS 4.3 · AI score 6.1 · EPSS 0.00285
Exploits: 0 · References: 3
seebug.org
added 2009/03/03 12:0 a.m. · 11 views

RitsBlog 0.4.2 (AB/XSS) Multiple Remote Vulnerabilities

No description provided by source. Salvatore "drosophila" Fresta + Application: RitsBlog + Version: 0.4.2 + Website: http://sourceforge.net/projects/ritsblog/ + Bugs: A SQL Injection B XSS Persistent + Exploitation: Remote + Date: 02 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Autho...

AI score 7.1
Exploits: 0
Cvelist
added 2009/02/25 11:0 p.m. · 15 views

CVE-2008-6283

Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."...

AI score 5.6 · EPSS 0.00475
Exploits: 0 · References: 6
Positive Technologies
added 2008/01/10 12:0 a.m. · 2 views

PT-2008-1640 · WordPress · Peter's Random Anti-Spam Image Plugin

Name of the Vulnerable Software and Affected Versions: Peter's Random Anti-Spam Image plugin for WordPress versions 0.2.4 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the comment field in the "comment form" API endpoint, "/comment". This is...

CVSS 4.3 · AI score 5.7 · EPSS 0.00312
Exploits: 0 · References: 3
Cvelist
added 2006/03/31 11:0 a.m. · 15 views

CVE-2006-1554

Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment...

AI score 5.7 · EPSS 0.00558
Exploits: 0 · References: 7
Cvelist
added 2006/01/25 2:0 a.m. · 18 views

CVE-2006-0409

Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup...

AI score 5.7 · EPSS 0.07636
Exploits: 1 · References: 7
securityvulns
added 2004/07/19 12:0 a.m. · 27 views

[Full-Disclosure] injection html CuteNews

Original Advisory: http://www.darkbicho.iberhosting.net/advisory-11.txt ------------------------------------------------------------------------------------------------- :.: injection html CuteNews :.: PROGRAM: CuteNews HOMEPAGE: http://cutephp.com/ VERSION: v1.3.x BUG: injection html DATE:...

AI score 0.8
Exploits: 0