Lucene search
K

1299 matches found

Exploit DB
Exploit DB
added 2003/03/22 12:0 a.m.23 views

PHP-Nuke 5.6/6.x - 'banners.php' Banner Manager Password Disclosure

source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and...

7.4AI score
Exploits0
CERT
CERT
added 2002/09/27 12:0 a.m.28 views

WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution

Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...

5CVSS7.1AI score0.0521EPSS
Exploits1References1
CERT
CERT
added 2002/09/26 12:0 a.m.31 views

WebCalendar does not adequately validate user input

Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...

7.5CVSS7.5AI score0.04043EPSS
Exploits0References1
CERT
CERT
added 2002/09/24 12:0 a.m.25 views

AdCycle does not adequately validate user input thereby allowing for SQL injection

Overview AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...

5CVSS6.8AI score0.0152EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2002/06/12 12:0 a.m.34 views

MakeBook 2.2 - Form Field Input Validation

source: https://www.securityfocus.com/bid/4996/info The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be stored on guestbook pages. Additionally, it...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/02/06 12:0 a.m.27 views

Problems with the scripts by Solution Scripts

!/possible/exploits/by/b0iler scripts from: http://solutionscripts.com don't take anything I say too seriously in this, as it is mostly guess work. Problems with the scripts by Solution Scripts solution script's powerlist script: It seems the author doesn't check for anything when removing user's...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2001/08/01 12:0 a.m.66 views

Entrust - getAccess

hola friends, getAccesstm is used as a single-sign-on system often used for large internet-portals. --- snip http://www.entrust.com --- Entrust GetAccesstm offers the most comprehensive solution for consistently deploying and enforcing basic and enhanced security across online applications, from...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2001/05/28 12:0 a.m.14 views

Cosmicperl Directory Pro 2.0 - Arbitrary File Disclosure

Cosmicperl Directory Pro 2.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2793/info Webdirectory Pro is a web application used to create a searchable directory of links developed by Cosmicperl. Webdirectory Pro contains an input validation vulnerability which may lead to...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2001/05/07 12:0 a.m.27 views

Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read

Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2001/04/13 12:0 a.m.35 views

NCM Content Management System - content.pl Input Validation

source: https://www.securityfocus.com/bid/2584/info The NCM Content Management System is a product distributed by NCM. The NCM Content Management System is designed to manage web material and other data, and provide an interface to databases from web resources. A problem with the Content Manageme...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2001/04/03 12:0 a.m.18 views

Caucho Technology Resin 1.21.3 - JavaBean Disclosure

Caucho Technology Resin 1.21.3 - JavaBean Disclosure source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside ...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2000/12/20 12:0 a.m.17 views

Brian Stanback bslist.cgi 1.0 - Remote Command Execution

Brian Stanback bslist.cgi 1.0 - Remote Command Execution source: https://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. The script fails to properly filter ';' characters from the...

0.5AI score
Exploits0
CERT
CERT
added 2000/10/30 12:0 a.m.78 views

rpc.statd vulnerable to remote root compromise via format string stack overwrite

Overview The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific informatio...

10CVSS9.4AI score0.26322EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2000/06/09 12:0 a.m.47 views

3R Soft MailStudio 2000 2.0 - Arbitrary File Access

source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string passed to a CGI, thereby compromising the confidentiality of other users...

7AI score
Exploits0
exploitpack
exploitpack
added 1999/12/31 12:0 a.m.17 views

SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation

SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation !/bin/sh source: https://www.securityfocus.com/bid/909/info SGI's Irix operating system ships with an X11 application called 'soundplayer' which is used to play .WAV files. It is not setuid root by itself, but can inherit root privileg...

1AI score
Exploits0
Exploit DB
Exploit DB
added 1998/12/15 12:0 a.m.29 views

Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable

source: https://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges ...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1995/10/30 12:0 a.m.19 views

Microsoft Windows 95Windows for Workgroups - smbclient Directory Traversal

Microsoft Windows 95Windows for Workgroups - smbclient Directory Traversal source: https://www.securityfocus.com/bid/1884/info Samba is a set of of programs that allow Windows® clients access to a Unix server's filespace and printers over NetBIOS. A directory traversal vulnerability exists in...

7.4AI score
Exploits0
exploitpack
exploitpack
added 1994/02/07 12:0 a.m.12 views

HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution (2)

HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution 2 HP-UX 10.x/11.x,IRIX 3.x/4.x/5.x/6.x,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1.x RPC.YPUpdated Command Execution 2 source: https://www.securityfocus.com/bid/1749/info The 'rpc.ypupdated'...

Exploits0
Redos
Redos
added 1976/01/01 12:0 a.m.14 views

ROS-2-1602

2.1602 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

10CVSS9.9AI score0.06132EPSS
Exploits0
Rows per page
Query Builder