Lucene search
K

1201 matches found

FreeBSD
FreeBSD
added 2013/02/06 12:0 a.m.39 views

piwigo -- CSRF/Path Traversal

High-Tech Bridge Security Research Lab reports: The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in "/admin.php" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...

6.6AI score
Exploits0References3
securityvulns
securityvulns
added 2013/01/28 12:0 a.m.79 views

Cross-Site Scripting (XSS) vulnerability in gpEasy

Advisory ID: HTB23137 Product: gpEasy Vendor: gpeasy Vulnerable Versions: 3.5.2 and probably prior Tested Version: 3.5.2 Vendor Notification: January 2, 2013 Vendor Patch: January 2, 2013 Public Disclosure: January 23, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

4.3CVSS6.4AI score0.04026EPSS
Exploits2
Prion
Prion
added 2012/09/18 2:55 p.m.23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a 1 GET parameter, 2 POST parameter, or 3 Referer HTTP header...

4.3CVSS6AI score0.02142EPSS
Exploits0References3Affected Software2
securityvulns
securityvulns
added 2012/09/07 12:0 a.m.125 views

Cross-Site Scripting (XSS) Vulnerabilities in Flogr

Advisory ID: HTB23110 Product: Flogr Vendor: Flogr Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Vendor Notification: August 15, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4336 CVSSv2 Base Score: 4.3...

4.3CVSS6.5AI score0.01631EPSS
Exploits3
Prion
Prion
added 2012/08/28 5:55 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via 1 $SERVER'HTTPHOST' or 2...

4.3CVSS6.2AI score0.01685EPSS
Exploits1References9Affected Software1
htbridge
htbridge
added 2012/08/15 12:0 a.m.71 views

Cross-Site Scripting (XSS) Vulnerabilities in Flogr

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Flogr, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS Vulnerabilities in Flogr: CVE-2012-4336 Input appended to the URL after /index.php is not properly sanitised before...

4.3CVSS5.9AI score0.01631EPSS
Exploits3Affected Software1
Packet Storm
Packet Storm
added 2012/05/07 12:0 a.m.33 views

NeXus Infotech CMS SQL Injection

Exploit title : NeXus Infotech CMS SQL Injection Vulnerability Date : May 05,2012 Author : gr00vehack3r Contact : groove.hacker7/a/t/gmail.com Homepage : www.gr00ve-hack3r.com Vendor : NeXus Infotech Vendor Site : http://www.nexusinfotech.org/ Google Dork : intext:"Powered By NeXus Infotech"...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/04/04 12:0 a.m.42 views

phpPaleo 4.8b156 Local File Inclusion

'phpPaleo' Local File Inclusion CVE-2012-1671 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on the 'lang' GET parameter. II...

6.8CVSS6.5AI score0.02573EPSS
Exploits7
Exploit DB
Exploit DB
added 2012/01/10 12:0 a.m.28 views

Pragyan CMS 3.0 - Remote File Disclosure

Title Pragyan CMS v 3.0 = Remote File Disclosure Author Or4nG.M4n Download http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2 vuln download.lib.php line 16 vuln index.php line 234 $GET'fileget' exploit...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/09/18 12:0 a.m.24 views

Wordpress Relocate Upload Plugin 0.14 Remote File Inclusion

Exploit for php platform in category web applications Exploit Title: Relocate Upload Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/relocate-upload Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2011/09/07 12:0 a.m.34 views

MantisBT 1.2.7 Cross Site Scripting / Local File Inclusion

Vulnerability ID: HTB23045 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinmantisbt.html Product: MantisBT Vendor: www.mantisbt.org http://www.mantisbt.org/ Vulnerable Version: 1.2.7 and probably prior Tested Version: 1.2.7 Vendor Notification: 31 August 2011 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/04/20 12:0 a.m.27 views

docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities

docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; alert1" / input type="hid...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/02/22 12:0 a.m.33 views

Tomato Gallery 1.2 (logged only) Persistant Xss Vunerability

Exploit for php platform in category web applications author: lemlajt software link: http://tomatogallery.yzx.se/ version: 1.2 tested on: linux cve : poc0.1 : 1. http://localhost/www/cmsadmins/tomatogallery12/edit/index.php 2. click @ "Add Separator" and type: bla'';!--alert document.cookie=& in...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/09/29 12:0 a.m.18 views

e107 v0.7.23 SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================== e107 v0.7.23 SQL Injection Vulnerability ======================================== Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2010/09/28 12:0 a.m.19 views

e107 0.7.23 - SQL Injection

e107 0.7.23 - SQL Injection Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/09/27 12:0 a.m.94 views

SQL injection vulnerability in e107

Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010 Vulnerability Type: SQL Injectio...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2010/08/13 12:0 a.m.29 views

Apache JackRabbit 2.0.0 XPath Injection

Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...

7.4AI score
Exploits0
0day.today
0day.today
added 2010/08/11 12:0 a.m.17 views

Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerabilty

Exploit for jsp platform in category web applications =========================================================== Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerabilty =========================================================== Title: Apache JackRabbit webapp XPath Injection Author: ADEO...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2010/08/11 12:0 a.m.16 views

Apache JackRabbit 2.0.0 - webapp XPath Injection

Apache JackRabbit 2.0.0 - webapp XPath Injection Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2010/08/11 12:0 a.m.24 views

Apache JackRabbit 2.0.0 - webapp XPath Injection

Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...

7.4AI score
Exploits0
Rows per page
Query Builder