Lucene search

2869 matches found

securityvulns
added 2006/11/06 12:00 a.m., 48 views

Stanford university SCARF user editing

vendor: Someone at Stanford university; site: http://sourceforge.net/projects/scarf/ vuln: There is no admin check on the file generaloptions.php, so anyone can go in and make some changes. One thing to do would be create a user, then go into general options and change your user to an admin. You can...

AI score: 7
Exploits: 0
Tenable Nessus
added 2006/10/14 12:00 a.m., 27 views

Debian DSA-1116-1 : gimp - buffer overflow

Henning Makholm discovered a buffer overflow in the XCF loading code of Gimp, an image editing program. Opening a specially crafted XCF image might cause the application to execute arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...

CVSS: 5.1, AI score: 6.2, EPSS: 0.05044
Exploits: 0, References: 2
securityvulns
added 2006/08/28 12:00 a.m., 36 views

Sql injection in Mambo & Joomla

Hi, There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 and maybe other versions : The codes are from Mambo 4.6 RC2 & some may be different in Joomla When a user edits a content, the "id" parameter is not checked properly in /components/comcontent/content.php, which can cause 2 sql...

AI score: 0.8
Exploits: 0
FreeBSD
added 2006/08/26 12:00 a.m., 10 views

mambo -- multiple SQL injection vulnerabilities

James Bercegay reports: Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function. Omid reports: There are several s...

AI score: 5.9
Exploits: 0, References: 6
securityvulns
added 2006/06/02 12:00 a.m., 26990 views

Vulnerability in Sad Raven's guestbook

Good day. I recently found a vulnerability in Sad Raven's guestbook version 1.1 that allows any user to gain access to the admin center. I apologize in advance if someone has already found this vulnerability, but I have not found any mention of it anywhere. Everyone only talks about the fact that the passwords...

AI score: 1
Exploits: 0
securityvulns
added 2006/05/27 12:00 a.m., 39 views

Super Link Exchange Script v1.0

Super Link Exchange Script v1.0 Homepage: http://www.ebizunion.com/guidetosuper.php Description: Main Features: 1. Add unlimited nested category/sub-category, 2. Can check reciprocal link back, 3. Can hide and delete no link back sites. 4. Template can be edited and suitable to fit your current...

AI score: 6.2
Exploits: 0
Cvelist
added 2006/05/25 10:00 a.m., 25 views

CVE-2006-2582

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...

AI score: 7.4, EPSS: 0.01555
Exploits: 0, References: 3
securityvulns
added 2006/05/01 12:00 a.m., 34 views

Avactis Shopping Cart vuln.

Avactis Shopping Cart vuln. Vuln. discovered by: r0t Date: 1 May 2006 vendor: http://www.avactis.com affected versions: 0.1.2 and prior original advisory: http://pridels.blogspot.com/2006/05/avactis-shopping-cart-vuln.html Vuln. Description: 1. SQL inj. Avactis Shopping Cart contains a flaw that...

Exploits: 0
securityvulns
added 2006/04/26 12:00 a.m., 122 views

Cartweaver ColdFusion vuln.

Cartweaver ColdFusion vuln. Vuln. discovered by: r0t Date: 25 April 2006 vendor link: www.cartweaver.com affected versions: 2.16.11 and previous original advisory: http://pridels.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html Vuln. Description: 1. SQL Injection vuln. Cartweaver ColdFusion...

AI score: 0.9
Exploits: 0
RedHat Linux
added 2006/04/21 3:41 p.m., 3 views

security flaw

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

CVSS: 9.3, AI score: 5.8, EPSS: 0.07066
Exploits: 1, References: 4
Cvelist
added 2006/04/20 6:00 p.m., 17 views

CVE-2006-1910

config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

AI score: 6.6, EPSS: 0.01423
Exploits: 1, References: 2
securityvulns
added 2006/04/17 12:00 a.m., 41 views

phpLinks <= 2.1.3.1 XSS vuln.

phpLinks <= 2.1.3.1 XSS vuln. Vuln. discovered by: r0t Date: 16 April 2006 vendor link: http://sourceforge.net/projects/phplinks/ affected versions: phpLinks 2.1.3.1 and previous original advisory: http://pridels.blogspot.com/2006/04/phplinks-2131-xss-vuln.html Vuln. Description: phpLinks contains a...

AI score: 5.6
Exploits: 0
Tenable Nessus
added 2006/04/17 12:00 a.m., 25 views

phpWebFTP index.php language Parameter Local File Inclusion

The remote host is running phpWebFTP, a web-based FTP client written in PHP. The version of phpWebFTP installed on the remote host fails to sanitize user-supplied input to the 'language' parameter of the 'index.php' script before using it in a PHP 'include' function. An unauthenticated attacker m...

CVSS: 6.4, AI score: 6.3, EPSS: 0.01764
Exploits: 0, References: 2
securityvulns
added 2006/04/16 12:00 a.m., 26 views

Musicbox vuln.

Musicbox vuln. Vuln. discovered by: r0t Date: 16 April 2006 vendor link: http://www.musicboxv2.com/ affected versions: 2.3.3 and previous original advisory: http://pridels.blogspot.com/2006/04/musicbox-vuln.html Vuln. Description: 1. Input passed to the "term" parameter when performing a search isn't...

AI score: 0.3
Exploits: 0
securityvulns
added 2006/04/10 12:00 a.m., 51 views

APT-webshop-system vuln.

APT-webshop-system vuln. Vuln. discovered by: r0t Date: 9 April 2006 vendor: http://www.apt-webservice.de/shopsoftware/ affected versions: 4.0 PRO, 3.0 BASIC, 3.0 LIGHT original advisory: http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html Vuln. description: 1. SQL injection vuln...

AI score: 0.7
Exploits: 0
securityvulns
added 2006/03/28 12:00 a.m., 34 views

classifiedZONE v1.2 XSS vuln.

classifiedZONE v1.2 XSS vuln. Vuln. discovered by: r0t Date: 28 March 2006 vendor: http://www.fusionzone.com/applications/classifieds/ affected versions: v.1.2 and prior Vuln. Description: classifiedZONE contains a flaw that allows a remote cross site scripting attack. This flaw exists because inp...

AI score: 6.3
Exploits: 0
securityvulns
added 2006/03/28 12:00 a.m., 45 views

couponZONE v.4.2 Multiple vuln.

couponZONE v.4.2 Multiple vuln. Vuln. discovered by: r0t Date: 28 March 2006 vendor: http://www.fusionzone.com/applications/coupons affected versions: v.4.2 and prior original advisory: http://pridels.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html Vuln. Description: 1. SQL vuln. couponZONE...

AI score: 1.3
Exploits: 0
securityvulns
added 2006/03/27 12:00 a.m., 32 views

[SA19415] Absolute Live Support XE Script Insertion Vulnerability

TITLE: Absolute Live Support XE Script Insertion Vulnerability SECUNIA ADVISORY ID: SA19415 VERIFY ADVISORY: http://secunia.com/advisories/19415/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Absolute Live Support XE 2.x http://secunia.com/product/8929/...

AI score: 0.8
Exploits: 0
securityvulns
added 2006/03/25 12:00 a.m., 34 views

SweetSuite.NET - ssCMS 2.1.x XSS vuln.

SweetSuite.NET - ssCMS 2.1.x XSS vuln. Vuln. discovered by: r0t Date: 25 March 2006 vendor: www.sweetsuite.net/ssCMSMain.aspx affected versions: 2.1.0 and prior original advisory: http://pridels.blogspot.com/2006/03/sweetsuitenet-sscms-21x-xss-vuln.html Vuln. Description: ssCMS contains a flaw th...

AI score: 5.7
Exploits: 0
RedHat Linux
added 2006/03/15 2:06 p.m., 5 views

security flaw

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235...

CVSS: 2.1, AI score: 5.8, EPSS: 0.00539
Exploits: 1, References: 4