888 matches found
CVE-2009-3949
cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and conf_password parameters...
CVE-2009-3949
CVE-2009-3949 affects VivaPrograms Infinity 2.0.5 and earlier (cp/profile.php). The root cause is missing administrative authentication for the donewauthor action, allowing remote attackers to create administrative accounts via the name, password, and conf_password parameters. Exploitation is net...
Directory traversal
Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the options[style_dir] parameter to the default URI...
SQL injection
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field...
CVE-2009-3212
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field...
CVE-2009-3212
The CVE-2009-3212 entry describes an SQL injection in VivaPrograms Infinity Script 2.x.x when magic_quotes_gpc is disabled. The underlying issue is improper sanitization/escaping of the username field, enabling remote attackers to craft inputs that alter SQL queries. Impact is described as arbitr...
CVE-2009-3211
Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the options[style_dir] parameter to the default URI...
CVE-2009-3211
CVE-2009-3211 describes a directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x. When magic_quotes_gpc is disabled, remote attackers can read arbitrary files by injecting a .. into the options[style_dir] parameter of the default URI. The NVD entry lists a base score of 6.8 (Medi...
CVE-2009-3212
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field...
Infinity <= v2.X.X (Local File Disclosure/Auth Bypass) Vulnerabilities
Infinity <= v2.X.X Local File Disclosure/Auth Bypass Vulnerabilities. Script: Infinity; version: 2.X.X; Language: PHP; Site: http://www.dimofinf.net/; Author: SwEET-DeViL; need magic_quotes_gpc = Off...
Infinity 2.x - options[style_dir] Local File Disclosure
Infinity 2.x - options[style_dir] Local File Disclosure. Infinity. +LFD Exploit: http://WWW.Site.Com/inf/?optionsstyledir=../include/db.php%00...
Infinity <= 2.x.x options[style_dir] Local File Disclosure Vulnerability
Exploit for unknown platform in category web applications. Infinity. +LFD Exploit:...
Infinity 2.x.x Local File Disclosure
Infinity. +LFD Exploit: http://WWW.Site.Com/inf/?optionsstyledir=../include/db.php%00 http://WWW.Site.Com/inf/?optionsstyledir=../../../../../../etc/passwd%00...
Infinity <= 2.x.x options[style_dir] Local File Disclosure Vulnerability
No description provided by source. Infinity <= v2.X.X Local File Disclosure / Auth Bypass Vulnerabilities. Script: Infinity; version: 2.X.X...
Infinity 2.x - 'options[style_dir]' Local File Disclosure
Infinity. +LFD Exploit: http://WWW.Site.Com/inf/?optionsstyledir=../include/db.php%00 http://WWW.Site.Com/inf/?optionsstyledir=../../../../../../etc/passwd%00...
Microsoft GDI Plugin - .png Infinite Loop Denial of Service (PoC)
Microsoft GDI Plugin - .png Infinite Loop Denial of Service PoC. #!/usr/bin/perl CALgdiplugpoc.pl MircosoftgdiplugpnginfinityloopD.o.S POC by Code Audit Labs public 2009-04-17 http://www.vulnhunt.com/ Affected: test on full updated winxp sp3 other version should be affected CVE: please...
Microsoft GDI Plugin .png Infinite Loop Denial of Service PoC
Exploit for unknown platform in category dos / poc. Microsoft GDI Plugin .png Infinite Loop Denial of Service PoC. #!/usr/bin/perl CALgdiplugpoc.pl...
Double Denial of Service in Call of Duty 4 1.6
Luigi Auriemma Application: Call of Duty 4: Modern Warfare http://www.callofduty.com Versions: = 1.6 Platforms: Windows tested and Linux Bugs: A "Attempted to overrun string in call to va" DoS B "callvote map" Denial of Service Exploitation: remote, versus server in-game Date: 22 Jun 2008 Author:...
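Call of Duty Malformed stats Command Denial of Service Vulnerability
BUGTRAQ ID: 29026 Call of Duty is a very popular first-person role-playing game developed by Infinity Ward. Call of Duty has a vulnerability in its handling of malformed request data, which a remote attacker could exploit to make the server unavailable. Call of Duty 4 introduced a class of connectionless commands called stats; after joining a remote game, a player sends these commands in sequence with types 0 through 6. The server also accepts an additional type 7 stats command, and if a client uses this type 7 command, the remote server crashes because of a memcpy with a negative size value. Successful exploitation requires the attacker to know the password of a protected server and, if the server requires it, to hold a valid cdkey. Activision Call of...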
http://marmarahosting.org/infinity.txt
"Infinity Solutions LLC" e/description.asp SQL injection Credit : CodeXpLoder'tq mail : codexploderathotmaildotcom site : Biyosecurity.net,expw0rm.com thx : BiyoSecurityTeam spec.note : "Live The Life" 1- example.com/patch/description.asp?id=sql method 1- example.com/e/description.asp?id=sql meth...