
7210 matches found

NVD
added 2007/02/21 11:28 a.m. | 16 views

CVE-2007-1020

Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter...

CVSS 6.8 | AI score 5.7 | EPSS 0.04841
Exploits: 1 | References: 8

CVE
added 2007/02/21 11:0 a.m. | 42 views

CVE-2007-1020

CVE-2007-1020 affects CedStat 1.31, with an XSS flaw in index.php exploited via the hier parameter. The root cause is insufficient sanitization allowing remote script injection. Impact per CVSS 2.0: Partial confidentiality, integrity, and availability (base score 6.8). Connected documents provide...

CVSS 6.8 | AI score 5.7 | EPSS 0.04841
Exploits: 1 | References: 8 | Affected Software: 1

Cvelist
added 2007/02/21 11:0 a.m. | 25 views

CVE-2007-1020

Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter...

AI score 5.7 | EPSS 0.04841
Exploits: 1 | References: 8

Exploit DB
added 2007/02/21 12:0 a.m. | 24 views

CedStat 1.31 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22653/info CedStat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score 7
Exploits: 0

CVE
added 2007/02/16 11:0 a.m. | 46 views

CVE-2007-0986

Jupiter CMS 1.1.5 is affected by a PHP remote file inclusion in index.php when running PHP 5.0.0 or later. An attacker can supply an ftp URL in the n parameter to execute arbitrary PHP code on the affected system. The available documents confirm the vulnerability class and target version, but do ...

CVSS 5.1 | AI score 7.6 | EPSS 0.03292
Exploits: 1 | References: 8 | Affected Software: 1

Prion
added 2007/02/16 1:28 a.m. | 13 views

SQL injection

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

CVSS 7.5 | AI score 9.2 | EPSS 0.01241
Exploits: 1 | References: 7 | Affected Software: 1

NVD
added 2007/02/16 1:28 a.m. | 25 views

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

CVSS 7.5 | AI score 8.5 | EPSS 0.01241
Exploits: 1 | References: 7

Cvelist
added 2007/02/16 1:0 a.m. | 23 views

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...

AI score 8.5 | EPSS 0.01241
Exploits: 1 | References: 7

CVE
added 2007/02/16 1:0 a.m. | 44 views

CVE-2007-0971

Jupiter CMS 1.1.5 is affected by multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and other headers that set the ip variable used in queries in index.php and related PHP scripts. This is the underlying cause: input ...

CVSS 7.5 | AI score 8.5 | EPSS 0.01241
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2007/02/15 2:0 a.m. | 48 views

CVE-2006-7022

The CVE-2006-7022 entry concerns fx-APP 0.0.8.1, where the Tools module allows remote attackers to misrepresent a web page’s contents by supplying an arbitrary URL in the url parameter to the showhtml action of index.php, causing that URL to render inside an iframe. The available description expl...

CVSS 10 | AI score 6.8 | EPSS 0.02169
Exploits: 0 | References: 4 | Affected Software: 1

Exploit DB
added 2007/02/08 12:0 a.m. | 31 views

LightRO CMS 1.0 - 'index.php?projectid' SQL Injection

exploit2.asp 'Update: + Get Header 'Update: + Get Whois Info '=============================================================================================== % function functionControl1 setTimeout"functionControl2",2000; function functionControl2 ifdocument.form1.field1.value=="" alert"Exploit...

AI score 7
Exploits: 0

Prion
added 2007/02/07 8:28 p.m. | 20 views

Directory traversal

Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely...

CVSS 5 | AI score 7.2 | EPSS 0.07257
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2007/02/07 8:0 p.m. | 44 views

CVE-2007-0821

CVE-2007-0821 describes multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2. An attacker can read arbitrary files by injecting a .. sequence into the chemin parameter of two PHP scripts: mod_news/index.php and mod_news/goodies.php. The underlying issue is improper validatio...

CVSS 5 | AI score 6.6 | EPSS 0.07257
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2007/02/06 2:28 a.m. | 21 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter...

CVSS 7.5 | AI score 8 | EPSS 0.03247
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2007/02/06 2:0 a.m. | 64 views

CVE-2007-0757

CVE-2007-0757 is a PHP remote file inclusion vulnerability in the rootpath handling of the Call of Duty 2 DreamStats System (version 4.2 and earlier). The flaw in index.php allows an attacker to supply a URL in the rootpath parameter and cause arbitrary PHP code execution on the affected server. ...

CVSS 7.5 | AI score 7.6 | EPSS 0.03247
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2007/02/04 12:0 a.m. | 22 views

CVE-2007-0700

Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1...

AI score 6.7 | EPSS 0.03335
Exploits: 1 | References: 9

securityvulns
added 2007/02/03 12:0 a.m. | 153 views

CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability

ConTact Me:-wWw.Asb-May.Net ScRiPt:-http://callofduty.filefront.com/file/DreamStatsSystem;54520 Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs TeAm index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit; ExPlOiT:-http://www.Site.com/PaTh/index.php?rootpath=Shell milw0rm.com...

AI score 1.5
Exploits: 0

seebug.org
added 2007/02/03 12:0 a.m. | 15 views

CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability

No description provided by source. ConTact Me:-wWw.Asb-May.Net ScRiPt:-http://callofduty.filefront.com/file/DreamStatsSystem;54520 Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs TeAm index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit;...

AI score 7.1
Exploits: 0

0day.today
added 2007/02/02 12:0 a.m. | 42 views

CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ===================================================================== CoD2: DreamStats index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit; ExPlOiT:-http://www.Site.com/PaTh/index.php?rootpath=Shell 0day.today 2018-04-0...

AI score 7.1
Exploits: 0

exploitpack
added 2007/02/02 12:0 a.m. | 17 views

CoD2: DreamStats 4.2 - index.php Remote File Inclusion

CoD2: DreamStats 4.2 - index.php Remote File Inclusion ConTact Me:-wWw.Asb-May.Net ScRiPt:-http://callofduty.filefront.com/file/DreamStatsSystem;54520 Discovered By:- ThE dE@Th index.php:- if !$slots include$rootpath . 'html/serveroffline.php';exit;...

AI score 0.6
Exploits: 0