Lucene search
+L

163 matches found

packetstorm
packetstorm
added 2007/01/20 12:0 a.m.25 views

smefilemailer-sql.txt

-=--------------------ADVISORY-------------------=- SmE FileMailer 1.21 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: SmE FileMailer -=+ Version: 1.21 -=+ Vendor's URL: http://www.scriptme.com/down/13 -=+ Platform: Windows\Linux\Unix -=+ Bu...

7.4AI score
Exploits0
nvd
nvd
added 2007/01/19 1:28 a.m.18 views

CVE-2007-0350

Multiple SQL injection vulnerabilities in a index.php and b dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ps, 2 us, 3 f, or 4 code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346...

7.5CVSS8.4AI score0.01096EPSS
Exploits0References5
cvelist
cvelist
added 2007/01/19 1:0 a.m.24 views

CVE-2007-0350

Multiple SQL injection vulnerabilities in a index.php and b dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 ps, 2 us, 3 f, or 4 code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346...

8.4AI score0.01096EPSS
Exploits0References5
cve
cve
added 2007/01/19 1:0 a.m.45 views

CVE-2007-0350

CVE-2007-0350 describes multiple SQL injection vulnerabilities in SmE FileMailer 1.21 and earlier, affecting index.php and dl.php. The flaw allows remote attackers to inject SQL via the (1) ps, (2) us, (3) f, or (4) code parameters, with the us parameter in index.php already covered by CVE-2007-0...

7.5CVSS8.5AI score0.01096EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2007/01/18 2:28 a.m.16 views

CVE-2007-0346

SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter...

7.5CVSS8.2AI score0.01137EPSS
Exploits1References4
nvd
nvd
added 2007/01/18 2:28 a.m.19 views

CVE-2007-0339

SQL injection vulnerability in index.php aka the login form in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field ps parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.3AI score0.01192EPSS
Exploits1References5
prion
prion
added 2007/01/18 2:28 a.m.14 views

Sql injection

SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter...

7.5CVSS8.7AI score0.01137EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2007/01/18 2:0 a.m.20 views

CVE-2007-0339

SQL injection vulnerability in index.php aka the login form in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field ps parameter. NOTE: some of these details are obtained from third party information...

8.3AI score0.01192EPSS
Exploits1References5
cve
cve
added 2007/01/18 2:0 a.m.45 views

CVE-2007-0346

CVE-2007-0346: SQL injection vulnerability in SmE FileMailer 1.21’s index.php allows remote attackers to execute arbitrary SQL commands via the us parameter. Affected software: SmE FileMailer 1.21 (index.php). Root cause: unsafeguarded input in the us parameter enables SQL injection. Impact: pote...

7.5CVSS8.3AI score0.01137EPSS
Exploits1References4Affected Software1
cve
cve
added 2007/01/18 2:0 a.m.43 views

CVE-2007-0339

The CVE describes a SQL injection in Scriptme SMe FileMailer 1.21 through the login form (index.php). The vulnerability allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). Root cause is unsafe handling of input in the login process, enabling database c...

7.5CVSS8.3AI score0.01192EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2007/01/18 2:0 a.m.27 views

CVE-2007-0346

SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter...

8.2AI score0.01137EPSS
Exploits1References4
seebug
seebug
added 2007/01/18 12:0 a.m.57 views

Scriptme SmE File Mailer Login SQL注入漏洞

Scriptme SmE File Mailer是一款基于PHP的站点构架程序。 Scriptme SmE File Mailer不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,未授权访问应用程序。 问题是登录脚本对用户提交的密码参数缺少过滤,提交恶意SQL代码作为数据,可导致无需验证访问应用程序。 scriptme SmE File Mailer 1.21 目前没有解决方案提供: http://www.scriptme.com/ Login: admin Password: anything' OR 'x'='x...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/01/17 12:0 a.m.61 views

[x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit

-=--------------------ADVISORY-------------------=- SmE FileMailer 1.21 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: SmE FileMailer -=+ Version: 1.21 -=+ Vendor's URL: http://www.scriptme.com/down/13 -=+ Platform: WindowsLinuxUnix -=+ Bug...

7AI score
Exploits0
exploitpack
exploitpack
added 2007/01/16 12:0 a.m.18 views

Scriptme SmE 1.21 - File Mailer Login SQL Injection

Scriptme SmE 1.21 - File Mailer Login SQL Injection source: https://www.securityfocus.com/bid/22081/info SmE File Mailer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...

0.7AI score
Exploits0
exploitdb
exploitdb
added 2007/01/16 12:0 a.m.44 views

Scriptme SmE 1.21 - File Mailer Login SQL Injection

source: https://www.securityfocus.com/bid/22081/info SmE File Mailer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, acces...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/11/21 12:0 a.m.12 views

phpPC 1.04 - Multiple Remote File Inclusions

phpPC 1.04 - Multiple Remote File Inclusions phpPC 1.04 Multiples Remote File Inclusion Script : PHP Poll Creator Version : 1.04 Vendor URL : http://www.phppc.de Impact : Remote File Inclusion Discovered by : iss4m Contact : [email protected] Vulnerable code in poll.php...

0.1AI score
Exploits0
cve
cve
added 2006/02/23 11:0 p.m.41 views

CVE-2006-0856

The CVE-2006-0856 entry describes a SQL injection in login.php of Scriptme SmE GB Host 1.21 that lets remote attackers execute arbitrary SQL and bypass authentication via the Username parameter. Affected software is Scriptme SmE GB Host 1.21; the vulnerability arises from improper handling of the...

7.5CVSS8.6AI score0.01527EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2006/02/18 12:0 a.m.33 views

[eVuln] SmE GB Host Authentication Bypass Vulnerability

New eVuln Advisory: SmE GB Host Authentication Bypass Vulnerability http://evuln.com/vulns/66/summary.html --------------------Summary---------------- eVuln ID: EV0066 Software: SmE GB Host Sowtware's Web Site: http://www.scriptme.com/ Versions: 1.21 Critical Level: Moderate Type: SQL Injection...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2006/02/17 12:0 a.m.43 views

[eVuln] Scriptme products BBCode 'url' XSS Vulnerability

New eVuln Advisory: Scriptme products BBCode 'url' XSS Vulnerability http://evuln.com/vulns/65/summary.html --------------------Summary---------------- eVuln ID: EV0065 CVE: CVE-2006-0661 Vendor: Scriptme Vendor's Web Site: http://www.scriptme.com/ Software: "SmE GB Host" "SmE Blog Host" Versions...

4.3CVSS0.2AI score0.01299EPSS
Exploits0
nvd
nvd
added 2006/02/13 11:6 a.m.34 views

CVE-2006-0661

Cross-site scripting XSS vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag...

4.3CVSS5.7AI score0.01299EPSS
Exploits0References6
Rows per page
Query Builder