678 matches found
CVE-2002-1809
The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database...
XSS bug in MyMarket 1.71
XSS in MyMarket 1.71. Product Description: MyMarket is a fully functional online shopping catalog system, built using PHP and MySQL. It was created by Ying Zhang for the purpose of teaching people about the basics of creating...
AdCycle does not adequately validate user input thereby allowing for SQL injection
Overview: AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description: AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...
Noguska Nola 1.1.1 [ Intranet Business Management Software ]
Noguska Nola 1.1.1 Intranet Business Management Software. Software Description (copied from their site): Redefining the scope of Enterprise Software. The NOLA web based software package allows your business to effortlessly reach further than...
CVE-2001-1255
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unauthorized access to the MySQL database...
WikkiTikkiTavi 0.x - Remote File Inclusion
source: https://www.securityfocus.com/bid/3946/info WikkiTikkiTavi is a freely available engine for running a Wiki site. Wiki sites are web communities which are based on the idea that every webpage is editable by users of the website. WikkiTikkiTavi is back-ended by a MySQL database and runs on...
CVE-2001-1226
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...
Aspseek Buffer Overflow
Product: Aspseek Search Engine. Vendor URL: www.aspseek.org. Tested on: v1.0.0 - v1.0.3 Freeware Linux. Vendor Contact: Mailed on 8th March, NO Reply, Vendor Patched though. The Problem,...
Adcycle 0.77/0.78 - AdLibrary.pm Session Access
source: https://www.securityfocus.com/bid/2393/info Adcycle is a package of perl scripts available from Adcycle.com. The scripts are designed to manage banner ad rotation through a web interface, backended with a MySQL database. A problem with the suite could allow remote execution of commands. T...
CVE-2000-0981
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password...
Basilix Webmail 0.9.7 - Incorrect File Permissions
source: https://www.securityfocus.com/bid/2198/info A vulnerability has been reported in basilix webmail v. 0.9.7b. Basilix Webmail ships with several configuration files that have the file extensions '.class' and '.inc'. Among other things, these files contain the authentication information for...
CVE-2000-0707
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password...
Hole in PCCS MySQL DB Admin Tool
In the default installation, the administration password is stored in a file that is readable and accessible via HTTP...
FreeBSD-SA-00:05.mysql
FreeBSD-SA-00:05 Security Advisory, FreeBSD, Inc. Topic: MySQL allows bypassing of password authentication. Category: ports. Module: mysql322-server. Announced: 2000-02-28. Affects: Ports...