Lucene search

2869 matches found

securityvulns
added 2006/03/03 12:0 a.m. | 46 views

Apple MacOS X passwd privilege escalation

A few vulnerabilities (symbolic links, race conditions) allow editing of any system files...

AI score: 3.5
Exploits: 0 | References: 2 | Affected Software: 2

securityvulns
added 2006/02/28 12:0 a.m. | 35 views

[SA19048] LanSuite LanParty Intranet System "fid" SQL Injection

TITLE: LanSuite LanParty Intranet System "fid" SQL Injection SECUNIA ADVISORY ID: SA19048 VERIFY ADVISORY: http://secunia.com/advisories/19048/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: LanSuite LanParty Intranet System 2.x...

AI score: 1
Exploits: 0

securityvulns
added 2006/02/05 12:0 a.m. | 31 views

[Full-disclosure] cPanel 10 File Editing Vulnerability

In cPanel 10, the script "erredit.html," which is supposed to edit a specific set of files, can edit any file accessible by the cPanel. Example: http://www.example.com:2082/frontend/x/err/erredit.html?dir=publichtml/&file=index.php...

AI score: 0.4
Exploits: 0

securityvulns
added 2006/01/07 12:0 a.m. | 93 views

[SA18325] OnePlug CMS SQL Injection Vulnerabilities

TITLE: OnePlug CMS SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA18325 VERIFY ADVISORY: http://secunia.com/advisories/18325/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OnePlug CMS http://secunia.com/product/6753/ DESCRIPTION: Preddy has reported...

AI score: 0.4
Exploits: 0

CVE
added 2005/12/22 11:0 p.m. | 53 views

CVE-2005-3537

CVE-2005-3537 affects phpBB 2 before 2.0.18, with a missing input/request validation flaw that enables remote attackers to edit private messages of other users by tampering with parameters or inputs. Public records in multiple feeds (NVD, Debian DSA, Red Hat, OpenVAS listings) confirm the vulnera...

CVSS: 5 | AI score: 6.3 | EPSS: 0.01417
Exploits: 0 | References: 3 | Affected Software: 1

securityvulns
added 2005/12/14 12:0 a.m. | 26 views

Ad Manager Pro SQL vuln.

Ad Manager Pro SQL vuln. Vuln. discovered by : r0t Date: 14 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/ad-manager-pro-sql-vuln.html vendor:www.phpwebscripts.com/admanagerpro/ affected version:2.0 and prior Product Description: Quality ad management system. Graphical or text-bas...

AI score: 0.6
Exploits: 0

securityvulns
added 2005/12/05 12:0 a.m. | 41 views

Hot Links Pro 3.x XSS vuln.

Hot Links Pro 3.x XSS vuln. Vuln. discovered by : r0t Date: 5 dec. 2005 Original advisory:http://pridels.blogspot.com/2005/12/hot-links-pro-3x-xss-vuln.html vendor:http://www.mrcgiguy.com/hl3details.shtml affected version:3.x and prior Product Description: Directory style index allows for easy...

AI score: 0.2
Exploits: 0

Packet Storm
added 2005/11/30 12:0 a.m. | 25 views

PBLangXSS.txt

Who's got the magic stick? It sure as hell ain't 50 Cent. Excuse me for posting again within minutes but I did not properly check the other forms. In UCP.php, when editing your profile, in several fields you can inject code into the page, just as in the SendPm.php. EX: Input table: "URL"...

AI score: 7.4
Exploits: 0

securityvulns
added 2005/11/28 12:0 a.m. | 28 views

Geeklog 1.4.x Full Path Disclosure vuln.

Geeklog 1.4.x Full Path Disclosure vuln. Vuln. discovered by : r0t Date: 28 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html Vendor:http://www.geeklog.net/ affected version:1.4.0 Beta 1 and prior Product Description: Geeklog is a Web Portal...

AI score: 7.2
Exploits: 0

securityvulns
added 2005/11/26 12:0 a.m. | 55 views

Fantastic News "category" SQL inj.

Fantastic News "category" SQL inj. Vuln. discovered by : r0t Date: 25 nov. 2005 original advisory:http://pridels.blogspot.com/2005/11/fantastic-news-category-sql-inj.html Vendor:www.fscripts.com Product link:http://fscripts.com/free.php?id=1 affected version: 2.1.1 and prior Product description:...

AI score: 0.5
Exploits: 0

securityvulns
added 2005/11/24 12:0 a.m. | 53 views

Softbiz Web Host Directory Script Multiple vuln.

Softbiz Web Host Directory Script Multiple vuln. Vuln. discovered by : r0t Date: 23 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/web-host-directory-script-multiple.html Vendor:www.softbizscripts.com Product link:http://www.softbizscripts.com/web-hosting-directory-script.php...

AI score: 0.2
Exploits: 0

securityvulns
added 2005/11/23 12:0 a.m. | 27 views

Vote Caster 3.x SQL Inj. Vuln.

Vote Caster 3.x SQL Inj. Vuln. Vuln. discovered by : r0t Date 23 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/vote-caster-3x-sql-inj-vuln.html Vendor:http://www.comdevweb.com/ Product link:http://www.comdevweb.com/votecaster.php affected version: 3.1 and prior. Vuln. Description:...

AI score: 0.7
Exploits: 0

Packet Storm
added 2005/11/20 12:0 a.m. | 21 views

almondClassifieds.txt

A vulnerability was discovered in Almond Classifieds http://www.almondsoft.com/alcl.html. The vulnerability is due to an omitted password check in "editform": a user can edit any ad in the classifieds. If we post a new ad, we can edit our ad in the "editform" section; there are 2 hidden fields: by changing the number...

AI score: 7.4
Exploits: 0

securityvulns
added 2005/11/07 12:0 a.m. | 27 views

Bug in vBulletin 3.x

Hello. Versions 3.0.3 and 3.0.9 were tested. The Status profile field accepts dangerous HTML tags (this option is enabled by default) and can be used to carry out XSS-type attacks, as well as for some other self-serving purposes, by those who are able to change their status (by default the administration, starting from...

AI score: 0.6
Exploits: 0

securityvulns
added 2005/09/15 12:0 a.m. | 45 views

Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution

Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution software: site: http://www.digital-scribe.org/ description: "Teachers have full control through a web-based interface. Designed for easy installation and even easier use, the Digital Scribe has been used in thousands of...

AI score: 1.3
Exploits: 0

securityvulns
added 2005/08/09 12:0 a.m. | 26 views

[SA16353] PHPLite Calendar Express Two Vulnerabilities

AI score: 0.4
Exploits: 0

securityvulns
added 2005/07/20 12:0 a.m. | 27 views

[SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability

AI score: 0.4
Exploits: 0

securityvulns
added 2005/06/28 12:0 a.m. | 27 views

[SA15818] Dynamic Biz Website Builder Admin Login SQL Injection

AI score: 0.5
Exploits: 0

Cvelist
added 2005/06/01 4:0 a.m. | 18 views

CVE-2005-1817

Invision Power Board IPB 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters...

AI score: 6.8 | EPSS: 0.01744
Exploits: 1 | References: 1

NVD
added 2005/06/01 4:0 a.m. | 18 views

CVE-2005-1817

Invision Power Board IPB 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01744
Exploits: 1 | References: 1