Lucene search
K

80 matches found

CNVD
CNVD
added 2017/12/25 12:0 a.m.2 views

Horde Groupware SQL Injection Vulnerability

Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A SQL injection vulnerability exists in Horde Groupware 5.2.22 and earlier versions. A remote...

8.3AI score
Exploits0References1
Prion
Prion
added 2017/12/13 9:29 a.m.14 views

Sql injection

FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or companydetails.php id parameter...

7.5CVSS9.9AI score0.02978EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2016/11/03 12:0 a.m.2 views

SQL Injection Vulnerability in Digital China Internet Behavior Management System's page_group Parameter

Digital China Internet Behavior Management System is an Internet behavior logging system that fully owns the network behavior analysis management system, integrating hardware and software architecture, behavior analysis engine, management and control policies, analyzing network activities in real...

8.1AI score
Exploits0References1
Cvelist
Cvelist
added 2015/02/17 1:0 a.m.24 views

CVE-2014-8023

Cisco Adaptive Security Appliance ASA Software 9.2.3 and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID...

6.4AI score0.01782EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2014/10/21 2:55 p.m.1 views

CVE-2014-8375

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selectedgroup parameter in a gbajaxgetgroup action to wp-admin/admin-ajax.php...

6.5CVSS6.4AI score0.0323EPSS
Exploits1References4
Prion
Prion
added 2014/09/04 2:55 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the group moderation screen in the control center control.php in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter...

4.3CVSS6.1AI score0.0229EPSS
Exploits3References7Affected Software1
Cvelist
Cvelist
added 2014/09/04 2:0 p.m.31 views

CVE-2012-4234

Cross-site scripting XSS vulnerability in the group moderation screen in the control center control.php in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter...

5.6AI score0.0229EPSS
Exploits3References7
Packet Storm
Packet Storm
added 2012/12/13 12:0 a.m.29 views

Addressbook 8.1.24.1 / 8.2.5 Cross Site Scripting

Instructions. After authentication, click on the Group tab at the top. Click on the New Group Button on the group page. For the group name the first field enter the following XSS test string: alertString.fromCharCode88,83,83 Then call the XSS string from the URL -- technically one calls the group...

7.4AI score
Exploits0
NVD
NVD
added 2012/09/09 9:55 p.m.18 views

CVE-2011-5159

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

4.3CVSS5.6AI score0.01148EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2012/09/09 9:55 p.m.2 views

CVE-2011-5159

Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...

4.3CVSS5.7AI score0.01367EPSS
Exploits0References4
NVD
NVD
added 2012/07/09 6:55 p.m.18 views

CVE-2012-2446

Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...

4.3CVSS5.5AI score0.01058EPSS
Exploits6References2
Cvelist
Cvelist
added 2012/07/09 6:0 p.m.35 views

CVE-2012-2446

Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...

5.5AI score0.01058EPSS
Exploits6References2
Cvelist
Cvelist
added 2009/11/27 8:45 p.m.29 views

CVE-2009-4088

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to 1 getjs.php and 2 getcsslocal.php; and include and execute arbitrary local files via the 3 group parameter to...

7.2AI score0.02796EPSS
Exploits1References8
Prion
Prion
added 2009/02/24 6:30 p.m.176 views

Sql injection

SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter...

7.5CVSS9.1AI score0.00973EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/12/20 12:46 a.m.2 views

CVE-2007-6466

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via 1 the prod parameter in a details action, 2 the cat parameter in a browse list action, or 3 the group parameter in a categories action. NOTE: it was later reported...

7.5CVSS6.4AI score0.01179EPSS
Exploits1References7
Cvelist
Cvelist
added 2007/10/11 10:0 a.m.23 views

CVE-2007-5370

Multiple cross-site scripting XSS vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb DNews News Server 57e1 allow remote attackers to inject arbitrary web script or HTML via the 1 group or 2 utag parameter...

5.8AI score0.01786EPSS
Exploits0References7
seebug.org
seebug.org
added 2007/07/08 12:0 a.m.23 views

SAP消息服务器Group参数远程堆溢出漏洞

BUGTRAQ ID: 24765 SAP消息服务器是SAP设备所使用的用于交换数据和内部消息的服务。 SAP消息服务器在处理畸形的GET请求时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 如果远程攻击者向监听在SAP设备TCP 8100端口上的消息服务器发送了畸形的GET请求,并将URL /msgserver/html/group的Group参数指定为498字节,就可能触发堆溢出,导致拒绝服务或以系统权限执行任意指令。 SAP Message Server 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sap.com/ GET...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2006/06/29 1:0 a.m.18 views

CVE-2006-3299

Cross-site scripting XSS vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter...

5.7AI score0.01914EPSS
Exploits1References6
OSV
OSV
added 2005/12/04 11:3 a.m.1 views

DEBIAN-CVE-2005-3980

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter...

7.5CVSS8.8AI score0.03264EPSS
Exploits1References1
NVD
NVD
added 2005/07/19 4:0 a.m.18 views

CVE-2005-2322

Cross-site scripting XSS vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the 1 viewuserid or 2 group parameter to users.php...

4.3CVSS5.7AI score0.01382EPSS
Exploits1References6
Rows per page
Query Builder