
7210 matches found

CVE
added 2007/07/10 1:0 a.m. | 39 views

CVE-2007-3643

CVE-2007-3643 affects AV Arcade 2.1b. The vulnerability arises in admin/index.php where the ava_userid cookie value of 1 grants administrative privileges, enabling remote attackers to perform certain admin actions. The root cause is improper authentication/authorization tied to the ava_userid coo...

CVSS 10 | AI score 6.7 | EPSS 0.02237
Exploits 0 | References 5 | Affected Software 1
CVE
added 2007/07/10 12:0 a.m. | 41 views

CVE-2007-3631

CVE-2007-3631 affects GameSiteScript (gss) 3.1 and earlier. The vulnerability is an SQL injection in index.php triggered via the params parameter due to missing input validation of the id field. This can allow remote attackers to execute arbitrary SQL commands. According to NVD, the CVSS v2 base ...

CVSS 7.5 | AI score 8.4 | EPSS 0.01217
Exploits 0 | References 6 | Affected Software 1
Packet Storm
added 2007/07/07 12:0 a.m. | 20 views

moodle-xss.txt

Dear [email protected], 1. MustLive mustlive at websecurity.com dot ua reported cross-site scripting vulnerability in Moodle 1.7.1 via search parameter of index.php, example:...

AI score 7.4
Exploits 0
NVD
added 2007/07/06 7:30 p.m. | 17 views

CVE-2007-3598

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that...

CVSS 5.5 | AI score 6.5 | EPSS 0.00966
Exploits 0 | References 4
Prion
added 2007/07/06 7:30 p.m. | 19 views

SQL injection

SQL injection vulnerability in the dashboard include/utils/SearchUtils.php in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigneduserid parameter in a Potentials ListView action to index.php...

CVSS 6.5 | AI score 8.6 | EPSS 0.01396
Exploits 0 | References 5 | Affected Software 1
NVD
added 2007/07/05 8:30 p.m. | 13 views

CVE-2007-3587

MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php...

CVSS 7.5 | AI score 7.2 | EPSS 0.02887
Exploits 1 | References 6
seebug.org
added 2007/07/05 12:0 a.m. | 30 views

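AV Arcade Index.PHP SQL Injection Vulnerability

AV Arcade is a PHP-based web application. AV Arcade does not properly filter user-supplied URI data, and remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script lacks filtering of the user-supplied 'id' parameter; submitting a malicious SQL query as the parameter data can cause the application to alter the original SQL logic during processing, so an attacker can obtain sensitive information or manipulate the database. AV Scripts AV Arcade 2.1b No solution is currently available: http://www.avscripts.net/...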

AI score 7.1
Exploits 0
UbuntuCve
added 2007/07/04 3:30 p.m. | 27 views

CVE-2007-3555

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424...

CVSS 4.3 | AI score 6.1 | EPSS 0.02951
Exploits 0 | References 1
CVE
added 2007/07/04 3:0 p.m. | 64 views

CVE-2007-3555

CVE-2007-3555 is a cross-site scripting (XSS) vulnerability in Moodle 1.7.1’s index.php that allows an attacker to inject arbitrary script/HTML via the search parameter. The issue stems from how the style expression is handled and is listed among several Moodle vulnerabilities addressed in Debian...

CVSS 4.3 | AI score 6.6 | EPSS 0.02951
Exploits 0 | References 12 | Affected Software 1
Cvelist
added 2007/07/04 3:0 p.m. | 28 views

CVE-2007-3555

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424...

AI score 6.6 | EPSS 0.02951
Exploits 0 | References 12
NVD
added 2007/07/03 6:30 p.m. | 11 views

CVE-2007-3517

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts...

CVSS 4.3 | AI score 5.9 | EPSS 0.01806
Exploits 0 | References 6
CVE
added 2007/07/03 6:0 p.m. | 46 views

CVE-2007-3517

CVE-2007-3517 covers multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3. An attacker can inject arbitrary web script or HTML by supplying malicious content through PATH_INFO (PHP_SELF) to scripts such as index.php and demo/claroline170/index.php (and potentially other scripts)...

CVSS 4.3 | AI score 5.9 | EPSS 0.01806
Exploits 0 | References 6 | Affected Software 1
exploitpack
added 2007/07/02 12:0 a.m. | 15 views

Moodle 1.7.1 - index.php Cross-Site Scripting

Moodle 1.7.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/24748/info Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting...

AI score 6.8
Exploits 0
Prion
added 2007/06/27 12:30 a.m. | 14 views

SQL injection

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action...

CVSS 7.5 | AI score 9.1 | EPSS 0.01644
Exploits 0 | References 8 | Affected Software 1
NVD
added 2007/06/27 12:30 a.m. | 15 views

CVE-2007-3434

index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' quote character in the page parameter, which reveals the table prefix in an error message...

CVSS 5 | AI score 6.1 | EPSS 0.02684
Exploits 0 | References 5
Prion
added 2007/06/27 12:30 a.m. | 16 views

Cross-site scripting

Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected...

CVSS 4.3 | AI score 6.2 | EPSS 0.01864
Exploits 0 | References 7 | Affected Software 1
Prion
added 2007/06/27 12:30 a.m. | 12 views

SQL injection

SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action...

CVSS 7.5 | AI score 9.1 | EPSS 0.01041
Exploits 1 | References 5 | Affected Software 1
CVE
added 2007/06/27 12:0 a.m. | 42 views

CVE-2007-3427

Affected software: phpTrafficA 1.4.2 and earlier. The vulnerability is in index.php (stats action) where the pageid parameter enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. Root cause: improper handling/validation of pageid leading to injection. Impact: as sta...

CVSS 7.5 | AI score 8.4 | EPSS 0.01644
Exploits 0 | References 8 | Affected Software 1
Cvelist
added 2007/06/27 12:0 a.m. | 17 views

CVE-2007-3426

Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

AI score 5.7 | EPSS 0.01935
Exploits 0 | References 7
CVE
added 2007/06/27 12:0 a.m. | 41 views

CVE-2007-3426

The CVE-2007-3426 issue affects phpTrafficA (versions 1.4.2 and earlier). The vulnerability is an XSS in index.php where the lang parameter can be exploited to inject arbitrary web script or HTML. This could allow remote attackers to run client-side code in the context of the affected user’s sess...

CVSS 4.3 | AI score 5.7 | EPSS 0.01935
Exploits 0 | References 7 | Affected Software 1