7210 matches found

UbuntuCve
added 2011/03/16 10:55 p.m. | 24 views

CVE-2011-0745

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) t...

CVSS 4 | AI score 5.9 | EPSS 0.06264
Exploits: 2 | References: 1

exploitpack
added 2011/03/09 12:0 a.m. | 20 views

Maian Weblog 4.0 - Blind SQL Injection

Maian Weblog 4.0 - Blind SQL Injection ?php / maian weblog = v4.0 Remote Blind SQL Injection Exploit vendor: http://www.maianscriptworld.co.uk/ Thanks to Johannes Dahse: http://bit.ly/dpQXMK Explanation: Lines 335 - 341 of the index.php we see this if statement that concerns our variable $bpost. ...

AI score 0.3
Exploits: 0

securityvulns
added 2011/03/09 12:0 a.m. | 54 views

'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099)

'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks...

CVSS 5.8 | AI score 6.2 | EPSS 0.03172
Exploits: 6

Packet Storm
added 2011/03/06 12:0 a.m. | 31 views

Quick Polls 1.0.1 Local File Inclusion / Deletion

'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & local file deletion due to null-byte attacks...

CVSS 5.8 | AI score 6.5 | EPSS 0.03172
Exploits: 6

exploitpack
added 2011/03/06 12:0 a.m. | 19 views

Quick Polls - Local File Inclusion Deletion

Quick Polls - Local File Inclusion Deletion 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities CVE-2011-1099 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Two vulnerabilities exist in 'Quick Polls' providing local file inclusion & loca...

CVSS 5.8 | AI score 6.5 | EPSS 0.03172
Exploits: 6

seebug.org
added 2011/03/03 12:0 a.m. | 17 views

Bo-blog v2.1.1 Injection Vulnerability

inc/modmain.php // vulnerable file: case 'category': if !$job $job='default'; else $job=basename$job; $ifannouncement="none"; acceptrequest'mode'; if $mode==1 || $mode==2 //.......................... elseif !empty$mode && !isnumeric$mode || $mode2 getHttp404$lnc313; //...................... if isnumeric$item...

AI score 7
Exploits: 0

Packet Storm
added 2011/03/02 12:0 a.m. | 39 views

CubeCart 2.0.6 Cross Site Scripting / SQL Injection

Exploit Title: CubeCart 2.0.6 SQL injection / Cross Site Scripting Google Dork: "Powered by CubeCart 2.0.6" home : http://www.D99Y.com Date: 2/3/2011 Author: NassRawI Software Link: http://www.cubecart.com Version: 2.0.6 1 SQL injection file : index.php exploit : http://localhost/index.php?catid=...

AI score 0.2
Exploits: 0

Packet Storm
added 2011/03/02 12:0 a.m. | 2913 views

VidiScript Cross Site Scripting

Exploit Title: VidiScript index.php Cross Site Scripting home : http://www.D99Y.com Author: NassRawI Date: 2/3/2011 Google Dork: "Powered By VidiScript.com" Software Link: http://www.vidiscript.com/ file : index.php exploit : http://localhost/index.php?vp= XSS...

AI score 7.4
Exploits: 0

Prion
added 2011/02/25 5:0 p.m. | 11 views

Sql injection

Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action...

CVSS 6.5 | AI score 8.8 | EPSS 0.01297
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2011/02/24 12:0 a.m. | 27 views

WordPress Forum Server Plugin 1.6.5 - SQL Injection

WordPress Forum Server plugin is prone to an SQL injection. This vulnerability exists because of failure in the "index.php" script to properly clean up user-supplied input in "searchmax" variable and in the "/wp-content/plugins/forum-server/feed.php" script to properly sanitize user-supplied inpu...

CVSS 7.5 | AI score 1.5 | EPSS 0.05021
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2011/02/23 1:0 a.m. | 19 views

CVE-2011-1062

Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to printlist.php;...

CVSS 4.3 | AI score 5.8 | EPSS 0.01751
Exploits: 2 | References: 6

Packet Storm
added 2011/02/23 12:0 a.m. | 23 views

Hyena Cart SQL Injection

Hyena Cart index.php Sql Injection Vulnerability ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://hyenacart.com/ .:. Dork : "This store is powered by Hyena Cart" .:. Home : http://www.sec-risk.com/vb/ === Exploit ==...

AI score 0.4
Exploits: 0

exploitpack
added 2011/02/23 12:0 a.m. | 12 views

Hyena Cart - index.php SQL Injection

Hyena Cart - index.php SQL Injection Hyena Cart index.php Sql Injection Vulnerability ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://hyenacart.com/ .:. Dork : "This store is powered by Hyena Cart" .:. Home :...

AI score 0.4
Exploits: 0

Cvelist
added 2011/02/22 11:0 p.m. | 22 views

CVE-2011-1060

SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php...

AI score 8.4 | EPSS 0.02266
Exploits: 1 | References: 6

0day.today
added 2011/02/22 12:0 a.m. | 23 views

Galilery 1.0 Local File Inclusion Vulnerability

Exploit for php platform in category web applications exploit title: local file include in Galilery 1.0 date: 18.o2.2o11 author: lemlajt software : Galilery version: 1.0 tested on: linux cve : http://ftp.heanet.ie/disk1/sourceforge/g/project/ga/galilery/Galilery/ PoC :...

AI score 7.1
Exploits: 0

Packet Storm
added 2011/02/22 12:0 a.m. | 18 views

Galilery 1.0 Local File Inclusion

$ cat 15lfigalilery.1.0.txt exploit title: local file include in Galilery 1.0 date: 18.o2.2o11 author: lemlajt software : Galilery version: 1.0 tested on: linux cve : http://ftp.heanet.ie/disk1/sourceforge/g/project/ga/galilery/Galilery/ PoC :...

AI score 0.2
Exploits: 0

exploitpack
added 2011/02/12 12:0 a.m. | 14 views

TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities

TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities TaskFreak! v0.6.4 Multiple Cross-Site Scripting Vulnerabilities Vendor: Stan Ozier Product web page: http://www.taskfreak.com Affected version: 0.6.4 multi-user Summary: TaskFreak! Original is a simple but efficient web based task...

AI score 7
Exploits: 0

0day.today
added 2011/02/08 12:0 a.m. | 44 views

MyMarket 1.71 (index.php) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MyMarket version 1.71index.php sql Injection Google Dork: allinurl:mymarket/shopping/index.php Date: 7-2-2011 Author: ahmadso Version: 1.71 Tested on: win xp sp2 ====================================================...

AI score 7.1
Exploits: 0

Prion
added 2011/02/07 9:0 p.m. | 17 views

Directory traversal

Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcmtheme or (2) awcmlang cookie to (a) index.php or (b) header.php...

CVSS 6.8 | AI score 7.6 | EPSS 0.0194
Exploits: 2 | References: 3 | Affected Software: 1

Exploit DB
added 2011/02/07 12:0 a.m. | 26 views

MyMarket 1.71 - 'index.php' SQL Injection

Exploit Title: MyMarket version 1.71index.php sql Injection Google Dork: allinurl:mymarket/shopping/index.php Date: 7-2-2011 Author: ahmadso Version: 1.71 Tested on: win xp sp2 ==================================================== http://www.site.com/mymarket/shopping/index.php?id= SQL Codes...

AI score 7.4
Exploits: 0