10439 matches found
XOS Shop - 'goto' SQL Injection
source: https://www.securityfocus.com/bid/65121/info XOS Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...
CVE-2014-0807
data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2, allows remote attackers to modify data via unspecified vectors...
CVE-2014-0807
CVE-2014-0807 affects LOCKON EC-CUBE, impacting data modification via the vulnerable file LC_Page_Shopping_Deliv.php in EC-CUBE 2.4.4 and earlier, and 2.11.0 through 2.12.2. The root cause is described as an information alteration vulnerability that allows remote attackers to modify data; vectors...
Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Creation)
source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...
Dredge School Administration System - DSMloader.php Cross-Site Request Forgery (Admin Account Manipulation)
source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site...
CMS Afroditi - id SQL Injection
source: https://www.securityfocus.com/bid/64572/info CMS Afroditi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...
iScripts AutoHoster - fname Local File Inclusion
source: https://www.securityfocus.com/bid/64377/info iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the...
Osclass - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/64386/info Osclass is prone to the following input-validation vulnerabilities: 1. A cross-site request-forgery vulnerability 2. Multiple directory-traversal vulnerabilities 3. An SQL-injection vulnerability Exploiting these issues may allow a remote...
Enorth Webpublisher CMS - thisday SQL Injection
source: https://www.securityfocus.com/bid/64110/info Enorth Webpublisher is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit will allow an attacker to compromise the...
NeoBill - '/install/include/solidstate.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/64112/info NeoBill is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent...
Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2040-1)
A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged...
Ubuntu Update for linux-ti-omap4 USN-2044-1
Check for the Version of linux-ti-omap4 OpenVAS Vulnerability Test $Id: gbubuntuUSN20441.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for linux-ti-omap4 USN-2044-1 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is...
kernel: dm: dm-snapshot data leak
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...
CVE-2013-3264
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for WordPress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data...
DEBIAN-CVE-2013-4299
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...
Input validation
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...
CVE-2013-4299
CVE-2013-4299 – Linux kernel (up to 3.11.6) Root cause: Interpretation conflict in drivers/md/dm-snap-persistent.c within the Linux kernel up to version 3.11.6. Impact: Remote authenticated users can obtain sensitive information or modify data by issuing a crafted mapping to a snapshot block devi...
UBUNTU-CVE-2013-4299
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...