CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

0day.today•added 2010/02/23 12:0 a.m.•21 views

Php Auktion Pro SQL (news.php) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================== Php Auktion Pro SQL news.php SQL Injection Vulnerability ==========================================================...

Exploit DB•added 2010/02/23 12:0 a.m.•33 views

Top Auktion - 'news.php' SQL Injection

----------------------------Information------------------------------------------------ +Name : Top Auktion SQL Injection news.php +Autor : Easy Laster +Date : 22.10.2010 +Script : Top Auktion +Price : 34,90€ +Language : PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz...

7AI score

Packet Storm•added 2010/02/23 12:0 a.m.•26 views

Ero Auktion 2010 SQL Injection

----------------------------Information---------------------------------------- +Autor : Easy Laster +Date : 21.10.2010 +Script : Ero Auktion 2010 SQL Injection news.php +Download : ----- +Demo :http://wp1072278.vwp3485.webpack.hosteurope.de/demoserver/flashauktion2010/ +Price : 39,90 +Language...

0.8AI score

securityvulns•added 2010/02/22 12:0 a.m.•92 views

[Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-004: SAP J2EE Authentication Phishing Vector This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

Exploit DB•added 2010/02/22 12:0 a.m.•25 views

Ero Auktion 2.0 - 'news.php' SQL Injection

----------------------------Information---------------------------------------- +Autor : Easy Laster +Date : 21.10.2010 +Script : Ero Auktion V.2.0 SQL Injection news.php +Download : ----- +Price : 34,90€ +Language :PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to...

0day.today•added 2010/02/22 12:0 a.m.•20 views

Ero Auktion v2.0 (news.php) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================= Ero Auktion v2.0 news.php SQL Injection Vulnerability =======================================================...

Core Security•added 2010/02/09 12:0 a.m.•31 views

Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability

Advisory ID Internal CORE-2009-0827 1. Advisory Information Title: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability Advisory Id: CORE-2009-0827 Date published: 2010-02-09 Date of last update: 2010-02-08 Vendors contacted: Microsoft Release mode: Coordinated...

9.3CVSS7.1AI score0.43397EPSS

securityvulns•added 2010/02/04 12:0 a.m.•90 views

CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities 1. Advisory Information Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing...

4.3CVSS7.7AI score0.49262EPSS

Exploits5

securityvulns•added 2010/02/04 12:0 a.m.•106 views

[CORE-2010-0106] Cisco Secure Desktop XSS/JavaScript Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Cisco Secure Desktop XSS/JavaScript Injection 1. Advisory Information Title: Cisco Secure Desktop XSS/JavaScript Injection Advisory Id: CORE-2010-0106 Advisory URL:...

4.3CVSS0.3064EPSS

Exploits2

Core Security•added 2010/02/01 12:0 a.m.•107 views

Cisco Secure Desktop XSS/JavaScript Injection

1. Advisory Information Title: Cisco Secure Desktop XSS/JavaScript Injection Advisory Id: CORE-2010-0106 Advisory URL:http://www.coresecurity.com/core-labs/advisories/cisco-secure-desktop-xss Date published: 2010-02-01 Date of last update: 2010-02-01 Vendors contacted: Cisco Release mode:...

4.3CVSS5.7AI score0.3064EPSS

Exploits2

exploitpack•added 2010/01/30 12:0 a.m.•13 views

IPB (nv2) Awards 1.1.0 - SQL Injection

IPB nv2 Awards 1.1.0 - SQL Injection + + Author: fred777 - fred777.de + Link: http://forums.invisionize.com/nv2-Awards-120-t137847.html + Vuln: index.php?autocom=awards&do=view&id=1 + Greetzz to: Back2hack.cc + Contact: [email protected] + -- Vuln Code -- $this-ipsclass-DB-buildquery...

0.6AI score

Exploit DB•added 2010/01/30 12:0 a.m.•39 views

IPB (nv2) Awards < 1.1.0 - SQL Injection

Author: fred777 - fred777.de + Link: http://forums.invisionize.com/nv2-Awards-120-t137847.html + Vuln: index.php?autocom=awards&do=view&id=1 + Greetzz to: Back2hack.cc + Contact: [email protected] + -- Vuln Code -- $this-ipsclass-DB-buildquery array 'select' = 'a.userid', 'from' =...

erpscan•added 2010/01/29 12:0 a.m.•68 views

Oracle Document Capture ImportBodyText — read files

Application: Oracle Document Capture Versions Affected: 10.1350.0005 Vendor URL: Oracle Bugs: Unsecure READ method Exploits: YES Reported: 29.01.2010 Second report: 02.02.2010 Date of Public Advisory: 24.01.2010 CVE-number:CVE-2010-3595 Author: Alexey Sintsov Description EasyMail ActiveX Control...

7.8CVSS1.5AI score0.28808EPSS

Exploits5

seebug.org•added 2010/01/26 12:0 a.m.•9 views

Safari 4.0.4 Crash

No description provided by source. The following piece of javascript will crash Safari nicely when triggered using one \ of the methods described below. With my limited knowledge I am unable to tell if \ it's exploitable or not. I therefore turn it over to "the internet". tested on \ Safari 4.0.4...

securityvulns•added 2010/01/17 12:0 a.m.•33 views

[CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Google SketchUp 'lib3ds' 3DS Importer Memory Corruption 1. Advisory Information Title: Google SketchUp 'lib3ds' 3DS Importer Memory Corruption Advisory Id:...

9.3CVSS0.1AI score0.0348EPSS

Exploits1

Packet Storm•added 2010/01/16 12:0 a.m.•21 views

Testlink TestManagement And Execution System Directory Traversal

1.Title :Multiple Directory traversal Vulnerabilites in Testlink Test Management and Execution System. Discovered by: Prashant Khandelwal [email protected] 2.Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: No 3.Vulnerable packages. Version...

Packet Storm•added 2010/01/16 12:0 a.m.•14 views

Testlink TestManagement And Execution System Cross Site Scripting

1.Title :Cross site scriping Vulnerabilites in Testlink TestManagement and Execution System. Discovered by: Prashant Khandelwal [email protected] 2.Vulnerability Information Class: Cross site scriping Impact :Code execution Remotely Exploitable: Yes Locally Exploitable: No 3. Vulnerable...

Core Security•added 2010/01/13 12:0 a.m.•24 views

Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

Advisory ID Internal CORE-2009-1209 1. Advisory Information Title: Google SketchUp 'lib3ds' 3DS Importer Memory Corruption Advisory Id: CORE-2009-1209 Advisory URL:www.coresecurity.com/core-labs/advisories/google-sketchup-vulnerability Date published: 2010-01-13 Date of last update: 2010-01-12...

9.3CVSS7.5AI score0.0348EPSS

Exploits1

Exploit DB•added 2010/01/12 12:0 a.m.•29 views

iOS Udisk FTP Basic Edition - Remote Denial of Service

!/usr/bin/python Apple Iphone/Ipod - Udisk FTP Basic Edition Remote 0day DOS exploit Found by: Steven Seeley mrme seeleymagic at hotmail dot com Homepage: http://6tags.com/n/ Price: $4.99 Download: From the app store use your itunes account Tested on: Iphone 3G - firmware 3.1.2 Darwin kernel Gree...