Lucene search
K

688 matches found

0day.today
0day.today
added 2008/02/19 12:0 a.m.158 views

RunCMS Module MyAnnonces (cid) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================== RunCMS Module MyAnnonces cid SQL Injection Vulnerability ========================================================== runcms MyAnnonces SQL Injectioncid DORK 1 : allinurl: "modules...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2008/02/01 8:0 p.m.4 views

CVE-2007-6695

Cross-site scripting XSS vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter...

4.3CVSS5.7AI score0.01073EPSS
Exploits2References5
ATTACKERKB
ATTACKERKB
added 2008/01/04 11:46 a.m.2 views

CVE-2007-6647

SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter...

7.5CVSS6.3AI score0.0101EPSS
Exploits0References5
CVE
CVE
added 2008/01/04 11:0 a.m.44 views

CVE-2007-6660

The CVE-2007-6660 entry involves the 2z project version 0.9.6.1 where information disclosure can occur via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year/month parameters, causing error messages that reveal the path. The NVD description d...

5CVSS6.3AI score0.01232EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/12/20 8:46 p.m.2 views

CVE-2007-6489

Multiple cross-site scripting XSS vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the 1 gbmail, 2 gbname, and 3 gbtext parameters in a guestbook action to index.php, and unspecified other vectors...

7.5CVSS5.5AI score0.06837EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2007/12/20 12:46 a.m.3 views

CVE-2007-6455

Multiple cross-site scripting XSS vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Itemid parameter in a comfrontpage option and the 2 option parameter...

4.3CVSS5.4AI score0.015EPSS
Exploits0References6
OSV
OSV
added 2007/09/26 11:17 p.m.4 views

UBUNTU-CVE-2007-5109

Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...

4.3CVSS6AI score0.00556EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2007/05/09 12:0 a.m.3 views

PT-2007-3877 · Pfa · Pfa Cms

Name of the Vulnerable Software and Affected Versions: pfa CMS version 6.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter in the index.php file. However, it's noted that $repinc is set to a constant value before use, which disputes t...

7.5CVSS8AI score0.01548EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2007/04/26 12:0 a.m.4 views

PT-2007-3644 · Bloofox · Bloofoxcms

Name of the Vulnerable Software and Affected Versions: BlooFoxCMS version 0.2.2 Description: The issue concerns a PHP remote file inclusion vulnerability in the install/index.php file of BlooFoxCMS. This vulnerability potentially allows remote attackers to execute arbitrary PHP code via a URL in...

7.5CVSS7.7AI score0.01356EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2007/04/12 7:19 p.m.1 views

CVE-2007-1999

PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the inilangpack parameter...

7.5CVSS6.2AI score0.02785EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2007/04/12 7:19 p.m.1 views

CVE-2007-2013

Cross-site scripting XSS vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

4.3CVSS5.7AI score0.01769EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2007/04/11 1:19 a.m.3 views

CVE-2007-1957

Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php aka Gsylvain35 Portail Web, PwP allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in 1 template/Vert/, or 2 template/Noir/...

6.8CVSS6.2AI score0.01343EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.5 views

CVE-2007-1148

PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter...

7.5CVSS6.2AI score0.02664EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.1 views

CVE-2007-1135

Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the 1 strid parameter to index.php and the 2 id0 or other id array index parameter to filecheck.php...

6.8CVSS6.3AI score0.0103EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.3 views

CVE-2007-1149

Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. dot dot in 1 the step parameter to install/index.php or 2 the load parameter to the top-level URI...

5CVSS5.8AI score0.0359EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.4 views

CVE-2007-1152

Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. dot dot in the 1 act or 2 pid parameter to the top-level URI index.php, or the 3 action parameter to admin/index.php. NOTE: some of these details are obtained from third part...

5CVSS5.8AI score0.02728EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2007/02/27 12:0 a.m.5 views

PT-2007-2553 · Xt:Commerce · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xtcommerce affected versions not specified Description: The issue allows remote attackers to read arbitrary files via a .. dot dot in the template parameter of the index.php file. This enables access to sensitive information. Recommendations:...

5CVSS6.2AI score0.05467EPSS
Exploits0References11
OSV
OSV
added 2007/02/21 11:28 p.m.5 views

DEBIAN-CVE-2007-1054

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...

6.8CVSS6AI score0.01944EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2006/12/02 2:28 a.m.2 views

CVE-2006-6230

SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962...

7.5CVSS6.3AI score0.02455EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2006/09/19 12:0 a.m.6 views

PT-2006-5618 · All Enthusiast · Reviewpost

Name of the Vulnerable Software and Affected Versions: All Enthusiast ReviewPost version 2.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the RP PATH parameter in the index.php file. Recommendations: For All Enthusiast ReviewPost version 2.5, consider...

7.5CVSS7.3AI score0.02967EPSS
Exploits1References7
Rows per page
Query Builder