1304 matches found
CVE-2011-0987
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark...
Joomla Component com_allcinevid 1.0.0 Blind SQL Injection Vulnerability
Exploit for php platform in category web applications allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability Name allCineVid Vendor http://www.joomtraders.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta...
Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
Joomla! Component allCineVid 1.0.0 - Blind SQL Injection http://adv.salvatorefresta.net/allCineVidJoomlaComponent1.0.0BlindSQLInjectionVulnerability-18012011.txt allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability Name allCineVid Vendor http://www.joomtraders.com Versions Affected...
Joomla! Component allCineVid 1.0.0 - Blind SQL Injection
http://adv.salvatorefresta.net/allCineVidJoomlaComponent1.0.0BlindSQLInjectionVulnerability-18012011.txt allCineVid Joomla Component 1.0.0 Blind SQL Injection Vulnerability Name allCineVid Vendor http://www.joomtraders.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website...
Joomla Component 1.0.0 com_people SQL Injection Vulnerability
Exploit for php platform in category web applications People Joomla Component 1.0.0 SQL Injection Vulnerability Name People Vendor http://www.ptt-solution.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot...
Joomla! Component People 1.0.0 - SQL Injection
Joomla! Component People 1.0.0 - SQL Injection People Joomla Component 1.0.0 SQL Injection Vulnerability Name People Vendor http://www.ptt-solution.com Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Da...
SQL injection authentication bypass
Added: 01/04/2011 Background: Structured Query Language (SQL) is the most common language understood by modern relational databases. Problem: A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a...
HotWeb Rental SQL Injection
HotWeb Rentals "PageId" SQL Injection Vulnerability PRODUCT http://www.hotwebscripts.co.uk/ Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. POC...
Pre Jobo .NET "Password" SQL Injection Vulnerability
Pre Jobo .NET "Password" SQL Injection Vulnerability PRODUCT http://www.preprojects.com/jobo.asp Input passed to the "Password" form field in jobseeker/register (the Post Your CV page) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by...
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities
Exploit for php platform in category web applications ========================================================= AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities ========================================================= Name AlstraSoft E-Friends Vendor http://www.alstrasoft.com Versions...
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities Name AlstraSoft E-Friends Vendor http://www.alstrasoft.com Versions Affected 4.96 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-10-27 X. INDEX I. ABOUT THE...
Alstrasoft e-Friends 4.96 - Multiple Vulnerabilities
AlstraSoft E-Friends 4.96 Multiple Remote Vulnerabilities Name AlstraSoft E-Friends Vendor http://www.alstrasoft.com Versions Affected 4.96 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-10-27 X. INDEX I. ABOUT THE...
Aardvark Topsite XSS vulnerability
Hi, I found XSS on Aardvark Topsites PHP system. Dork: "Powered by Aardvark Topsites" "SQL Queries" XSS: sitepath/index.php?a=search&q=2220onmouseover3dalertString.fromCharCode88,83,8320par3d22 Can use POST to effect the "email", "title", "u" and "url" parameters either on the same way. Tested...
IBM Tivoli Provisioning Manager for OS Deployment TCP to ODBC Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary SQL queries on vulnerable installations of Tivoli Provisioning Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TCP to ODBC gateway component which listens by default on TCP...
Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities
JE Guestbook 1.0 Joomla Component Multiple Remote Vulnerabilities Name JE Guestbook Vendor http://www.joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-09-30 X. INDEX I. ABO...
BugTracker.NET 'search.aspx' SQL Injection Vulnerability
The host is running BugTracker.NET and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbbugtrackersqlinjvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ BugTracker.NET 'search.aspx' SQL Injection Vulnerability Authors: Sooraj KS Copyright: Copyright (c) 2010 Greenbone Networks...
Joomla! Component Teams - Multiple Blind SQL Injections
Joomla! Component Teams - Multiple Blind SQL Injections Teams 110281008091711 Joomla Component Multiple Blind SQL Injection Vulnerabilities Name Teams Vendor http://www.joomlamo.com Versions Affected 110281008091711 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net...
Joomla! Component Teams - Multiple Blind SQL Injections
Teams 110281008091711 Joomla Component Multiple Blind SQL Injection Vulnerabilities Name Teams Vendor http://www.joomlamo.com Versions Affected 110281008091711 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-08-10 X...
Joomla Spielothek 1.6.9 Blind SQL Injection
Spielothek 1.6.9 Joomla Component Multiple Blind SQL Injection Name Spielothek Vendor http://www.spielban.de Versions Affected 1.6.9 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-31 X. INDEX I. ABOUT THE...