Lucene search
K

53 matches found

Cvelist
Cvelist
added 2015/05/20 6:0 p.m.31 views

CVE-2012-1665

Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow 1 remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or 2 remote administrators to execute arbitrary SQL commands via the status parameter to...

8.4AI score0.0155EPSS
Exploits2References7
Cvelist
Cvelist
added 2015/05/20 6:0 p.m.24 views

CVE-2012-6691

Multiple cross-site request forgery CSRF vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the 1 status parameter to admin/statsmonthlysales.php or 2 country parameter...

8.1AI score0.00632EPSS
Exploits1References4
NVD
NVD
added 2015/05/15 6:59 p.m.30 views

CVE-2015-2250

Multiple cross-site scripting XSS vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, 2 channel parameter to index.php/dashboard/reports/logs/view, 3...

4.3CVSS5.7AI score0.02111EPSS
Exploits2References6
NVD
NVD
added 2012/04/11 10:39 a.m.14 views

CVE-2012-1672

SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter...

7.5CVSS8.2AI score0.02224EPSS
Exploits6References3
Prion
Prion
added 2012/04/11 10:39 a.m.29 views

Sql injection

SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter...

7.5CVSS8.9AI score0.02224EPSS
Exploits6References3Affected Software1
Cvelist
Cvelist
added 2012/04/11 10:0 a.m.23 views

CVE-2012-1672

SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter...

8.2AI score0.02224EPSS
Exploits6References3
NVD
NVD
added 2009/02/05 12:30 a.m.17 views

CVE-2009-0424

Cross-site scripting XSS vulnerability in sign1.php in AN Guestbook ANG before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in 1 administrator/manage.php or 2 administrator/trash.php. NOTE: some of these details are...

4.3CVSS5.7AI score0.01065EPSS
Exploits0References5
Prion
Prion
added 2008/04/09 9:5 p.m.13 views

Sql injection

SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter...

6.8CVSS9.1AI score0.00914EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2008/04/09 9:5 p.m.13 views

CVE-2008-1715

SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter...

6.8CVSS8.4AI score0.00914EPSS
Exploits1References4
Prion
Prion
added 2007/03/07 12:19 a.m.20 views

Sql injection

SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected...

6.8CVSS9AI score0.01249EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2006/06/28 10:5 p.m.7 views

CVE-2006-3271

Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the 1 country and 2 sortby parameters in a searchresults.php; 3 browse parameter in b featuredphotos.php; 4 cid parameter in c products.php, d index.php, and e newsdesc.php...

7.5CVSS6AI score0.01313EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/09/19 4:0 a.m.22 views

CVE-2005-2985

SQL injection vulnerability in searchresult.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter...

8.2AI score0.01162EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/04/07 4:0 a.m.25 views

CVE-2005-0995

Multiple cross-site scripting XSS vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via 1 the keyword parameter to advSearchh.asp, 2 the redirectUrl parameter to NewCust.asp, 3 the country parameter to storelocatorsubmit.asp, or 4 the error parameter...

5.7AI score0.01427EPSS
Exploits1References7
Rows per page
Query Builder