5900 matches found

Prion
added 2007/10/30 7:46 p.m., 13 views

Design/Logic Flaw

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS: 2.6, AI score: 6.6, EPSS: 0.01815
Exploits: 0, References: 12, Affected Software: 1
OSV
added 2007/10/30 7:46 p.m., 19 views

PYSEC-2007-1

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS: 2.6, AI score: 4.1, EPSS: 0.01815
Exploits: 0, References: 13
NVD
added 2007/10/30 7:46 p.m., 13 views

CVE-2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS: 2.6, AI score: 6.4, EPSS: 0.01815
Exploits: 0, References: 12
Prion
added 2007/10/30 7:46 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible...

CVSS: 4.3, AI score: 6, EPSS: 0.00495
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2007/10/30 7:46 p.m., 18 views

CVE-2007-4348

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00495
Exploits: 0, References: 6
Cvelist
added 2007/10/30 7:0 p.m., 26 views

CVE-2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

AI score: 6.2, EPSS: 0.01815
Exploits: 0, References: 12
Debian CVE
added 2007/10/30 7:0 p.m., 13 views

CVE-2007-5712

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...

CVSS: 2.6, AI score: 6.2, EPSS: 0.01815
Exploits: 0
Cvelist
added 2007/10/30 7:0 p.m., 19 views

CVE-2007-4348

Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible...

AI score: 5.6, EPSS: 0.00495
Exploits: 0, References: 6
CVE
added 2007/10/30 7:0 p.m., 40 views

CVE-2007-4348

CVE-2007-4348 affects IBM Tivoli Storage Manager Client CAD Service (Windows) versions 5.3.5.3 and 5.4.1.2. The vulnerability arises from insufficient sanitisation of input in HTTP requests to port 1581, which is logged to dsmerror.log and exposed via a web interface. This XSS can allow remote at...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00495
Exploits: 0, References: 6, Affected Software: 1
securityvulns
added 2007/10/29 12:0 a.m., 66 views

Secunia Research: IBM Tivoli Storage Manager Client CAD Service Script Insertion

Secunia Research 29/10/2007 - IBM Tivoli Storage Manager Client CAD Service Script Insertion - Table of Contents Affected...

CVSS: 4.3, AI score: 1, EPSS: 0.00495
Exploits: 0
Packet Storm
added 2007/10/23 12:0 a.m., 30 views

smf-blind.txt

SMF is a very hardened PHP application. If anyone wants an example of some interesting PHP security, SMF is a good place to look. Even after being able to inject SQL I had to take another step and bypass some difficult filters found in the dbquery function. Ultimately I was able to do so. This...

AI score: 7.4
Exploits: 0
Exploit DB
added 2007/10/20 12:0 a.m., 42 views

Simple Machines Forum (SMF) 1.1.3 - Blind SQL Injection

!/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL Injection filter. I submitted a...

AI score: 7.4
Exploits: 0
Packet Storm
added 2007/09/30 12:0 a.m., 18 views

mdpro1076-sql.txt

!/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage; if$url = m/^?:http://./ $url = $1;...

AI score: 7.4
Exploits: 0
exploitpack
added 2007/09/14 12:0 a.m., 33 views

Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass

Boa 0.93.15 - Administrator Password Overwrite Authentication Bypass source: https://www.securityfocus.com/bid/25676/info Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP Requests. An attack...

AI score: 0.6
Exploits: 0
Prion
added 2007/09/11 7:17 p.m., 12 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as...

CVSS: 4.3, AI score: 7.3, EPSS: 0.0042
Exploits: 1, References: 8, Affected Software: 1
NVD
added 2007/09/11 7:17 p.m., 15 views

CVE-2007-4822

Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as...

CVSS: 4.3, AI score: 6.7, EPSS: 0.0042
Exploits: 1, References: 8
exploitpack
added 2007/08/13 12:0 a.m., 16 views

OWASP Stinger - Filter Bypass

OWASP Stinger - Filter Bypass source: https://www.securityfocus.com/bid/25294/info OWASP Stinger is prone to a filter-bypass weakness because the application fails to properly handle certain input. Since the OWASP Stinger project is a software module designed to be incorporated into other...

AI score: 0.1
Exploits: 0
Metasploit
added 2007/08/08 2:46 a.m., 15 views

SOCKS Proxy UNC Path Redirection

This module provides a Socks proxy service that redirects all HTTP requests to a web page that loads a UNC path. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SOCKS Proxy UNC Path Redirection...

AI score: 7
Exploits: 0
Prion
added 2007/07/30 5:30 p.m., 13 views

Heap overflow

Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests...

CVSS: 10, AI score: 8.1, EPSS: 0.20356
Exploits: 0, References: 8, Affected Software: 1
NVD
added 2007/07/30 5:30 p.m., 19 views

CVE-2007-3911

Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename arguments in HTTP requests...

CVSS: 10, AI score: 7.7, EPSS: 0.20356
Exploits: 0, References: 8