Lucene search
+L

95 matches found

NVD
NVD
added 2016/04/08 2:59 p.m.21 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...

9.8CVSS9.9AI score0.01835EPSS
Exploits0References3
OSV
OSV
added 2016/04/08 2:59 p.m.9 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...

9.8CVSS9.8AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2016/04/08 2:59 p.m.21 views

CVE-2016-3153

SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrerentites function...

9.8CVSS7.5AI score0.01835EPSS
Exploits0References2
OSV
OSV
added 2016/04/08 2:59 p.m.4 views

UBUNTU-CVE-2016-3154

The encodercontexteajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

9.8CVSS7.6AI score0.01835EPSS
Exploits0References3
CNVD
CNVD
added 2016/03/17 12:0 a.m.6 views

SPIP code injection vulnerability (CNVD-2016-01731)

SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A code injection vulnerability exists in SPIP. An attacker can exploit this vulnerability to inject arbitrary PHP code by performing an add content operation...

9.8CVSS7.7AI score0.01835EPSS
Exploits0References1
OSV
OSV
added 2013/11/18 2:55 a.m.7 views

CVE-2013-4556

Cross-site scripting XSS vulnerability in the author page prive/formulaires/editerauteur.php in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the urlsite parameter...

5.5AI score
Exploits0References8
OSV
OSV
added 2013/07/09 5:55 p.m.6 views

CVE-2013-2118

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php...

6.6AI score
Exploits0References4
EUVD
EUVD
added 2013/07/09 5:0 p.m.7 views

EUVD-2013-2087

SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php...

7.5CVSS7.5AI score0.08982EPSS
Exploits4References5
OSV
OSV
added 2009/01/02 6:11 p.m.4 views

DEBIAN-CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.8AI score0.01286EPSS
Exploits0References1
OSV
OSV
added 2007/08/25 12:17 a.m.5 views

DEBIAN-CVE-2007-4525

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelettecache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...

7.5CVSS7.8AI score0.016EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2007/08/25 12:0 a.m.40 views

CVE-2007-4525

PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelettecache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the...

7.5CVSS7.6AI score0.016EPSS
Exploits0
OSV
OSV
added 2006/04/11 10:2 a.m.11 views

CVE-2006-1702

PHP remote file inclusion vulnerability in spiplogin.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter...

7.3AI score
Exploits0References3
OSV
OSV
added 2006/02/09 6:6 p.m.8 views

CVE-2006-0625

Directory traversal vulnerability in SpipRSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALStypeurls parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file...

8.1AI score
Exploits0References7
OSV
OSV
added 2006/02/02 11:2 a.m.6 views

CVE-2006-0519

SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...

6.3AI score
Exploits0References4
OSV
OSV
added 2005/12/22 11:3 a.m.7 views

CVE-2005-4494

Cross-site scripting XSS vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 spiplogin.php3 and 2 spippass.php3...

5.9AI score
Exploits0References6
Rows per page
Query Builder