CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1284 matches found

Prion•added 2010/01/06 10:0 p.m.•11 views

Improper access control

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb...

5CVSS6.9AI score0.02588EPSS

Exploits1References5

Cvelist•added 2010/01/06 9:33 p.m.•29 views

CVE-2009-4585

6.3AI score0.02588EPSS

Exploits1References5

Prion•added 2010/01/04 5:30 p.m.•14 views

Improper access control

Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb...

5CVSS6.9AI score0.02229EPSS

Exploits0References2Affected Software1

Prion•added 2009/12/29 8:41 p.m.•8 views

Authentication flaw

Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php...

7.5CVSS7.5AI score0.02551EPSS

Exploits1References5Affected Software1

Cvelist•added 2009/12/29 8:15 p.m.•14 views

CVE-2009-4447

Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php...

6.9AI score0.02551EPSS

Exploits1References5

UbuntuCve•added 2009/12/24 4:30 p.m.•22 views

CVE-2009-4412

Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of...

6CVSS6.2AI score0.01852EPSS

Exploits0References1

Prion•added 2009/12/10 4:30 p.m.•9 views

Design/Logic Flaw

Harold Bakker's NewsScript HB-NS 1.3 allows remote attackers to obtain access to the admin control panel via a direct request to admin.php...

7.5CVSS7.1AI score0.0134EPSS

Exploits1References2Affected Software1

NVD•added 2009/11/29 1:8 p.m.•16 views

CVE-2009-4096

RADIO istek scripti 2.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user credentials via a direct request for estafresgaftesantusyan.inc...

7.5CVSS6.3AI score0.02349EPSS

Exploits1References4

Prion•added 2009/11/29 1:8 p.m.•14 views

Improper access control

7.5CVSS6.8AI score0.02349EPSS

Exploits1References4Affected Software1

NVD•added 2009/11/16 8:30 p.m.•7 views

CVE-2009-3946

Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request...

5CVSS6.6AI score0.01218EPSS

Exploits0References4

NVD•added 2009/10/22 5:30 p.m.•20 views

CVE-2009-3756

phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to 1 footer.php, 2 header.php, 3 the show action in advancedsearch.php, and 4 choicelist.php, which reveals the installation path in an error message...

5CVSS6.1AI score0.02286EPSS

Exploits0References2

Prion•added 2009/10/16 4:30 p.m.•9 views

Unrestricted file upload

Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in smilies/...

6.5CVSS7.8AI score0.0357EPSS

Exploits0References4Affected Software1

Cvelist•added 2009/10/16 4:0 p.m.•23 views

CVE-2009-3716

7.3AI score0.0357EPSS

Exploits0References4

Prion•added 2009/10/08 5:30 p.m.•9 views

Information disclosure

HUBScript 1.0 allows remote attackers to obtain configuration information via a direct request to manage/phpinfo.php, which calls the phpinfo function...

5CVSS6.9AI score0.01353EPSS

Exploits1References4Affected Software1

Prion•added 2009/10/08 5:30 p.m.•15 views

Improper access control

Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd...

5CVSS6.9AI score0.03205EPSS

Exploits0References2Affected Software1

Cvelist•added 2009/09/11 8:0 p.m.•13 views

CVE-2009-3173

Unrestricted file upload vulnerability in admin/addalbum.php in The Rat CMS Alpha 2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/...

7.7AI score0.03468EPSS

Exploits0References3

Prion•added 2009/09/11 4:30 p.m.•11 views

Unrestricted file upload

Unrestricted file upload vulnerability in the add2 action in aupload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request ...

7.5CVSS8.4AI score0.06007EPSS

Exploits1References9Affected Software1

NVD•added 2009/09/11 4:30 p.m.•17 views

CVE-2008-7209

7.5CVSS7.8AI score0.06007EPSS

Exploits1References9

Prion•added 2009/09/09 5:30 p.m.•12 views

Information disclosure

Coppermine Photo Gallery CPG 1.4.14 allows remote attackers to obtain sensitive information via a direct request to include/slideshow.inc.php, which leaks the installation path in an error message...

5CVSS6.6AI score0.01339EPSS

Exploits1References4Affected Software1

NVD•added 2009/09/08 10:30 a.m.•15 views

CVE-2008-7180

delquery1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable...

5CVSS6.7AI score0.0162EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by