MyBB 'member.php' SQLi Vulnerability
MyBB is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb"; if(description)...
MyBB 1.6.8 - member.php SQL Injection
source: https://www.securityfocus.com/bid/53814/info MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromi...
Ignite Solutions CMS - 'car-details.php' SQL Injection
source: https://www.securityfocus.com/bid/53771/info Ignite Solutions CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
CVE-2011-5090
GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) mod_rewrite.php, (2) comment_write_ok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary...
CVE-2011-5090
GR Board (grboard) version 1.8.6.5 Community Edition exposes an unauthenticated ability to modify or delete data via specific endpoints: mod_rewrite.php, comment_write_ok.php, poll/index.php, update/index.php, trackback.php, or an arbitrary poll.php under theme/. The issue stems from missing auth...
WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53531/info Pretty Link Lite plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow an attacker to steal cookie-based...
Galette SQL Injection
Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...
OrangeHRM 2.7 RC - 'index.php?URI' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
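Multiple Security Vulnerabilities in MyBB Versions Before 1.6.7
BUGTRAQ ID: 53417 MyBB is a popular web forum application. MyBB versions before 1.6.7 contain multiple security vulnerabilities in their implementation; successful exploitation could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit other vulnerabilities in the underlying database and access sensitive data. 0 MyBB 1.6.x MyBB 1.4.x Vendor patch: MyBB ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mybboard.com/...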
OrangeHRM 2.7 RC - index.php?URI Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication...
OrangeHRM 2.7 RC - '/templates/hrfunct/emppop.php?sortOrder1' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
Lynx Message Server - Multiple Vulnerabilities
Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility wide Duress and Emergency Notification" system...
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53268/info concrete5 is prone to information-disclosure, SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to harvest sensitive information, compromi...
Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection
source: https://www.securityfocus.com/bid/53208/info The CCNewsLetter module for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the applicatio...
Code injection
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors...
CVE-2012-1993
HP System Management Homepage (SMH) prior to version 7.0 is affected by an unspecified vulnerability that allows local users to modify data or obtain sensitive information via unknown vectors. The public material provided does not specify the root cause, exact vulnerable components, affected vers...
Seditio CMS 165 - 'plug.php' SQL Injection
source: https://www.securityfocus.com/bid/53036/info Seditio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...