
196 matches found

seebug.org
added 2014/07/01 12:0 a.m., 34 views

Plume CMS 1.0.4 index.php _PX_config[manager_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/18780/info Plume CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows the attacker to execute arbitrary...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

PHPMyFAQ 1.5.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

7.1 AI score
Exploits: 0
exploitpack
added 2014/01/17 12:0 a.m., 16 views

BloofoxCMS - bloofoxindex.php?Username SQL Injection

BloofoxCMS - bloofoxindex.php?Username SQL Injection source: https://www.securityfocus.com/bid/65019/info bloofoxCMS is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site request forgery vulnerabilities 3. A local file-include...

0.1 AI score
Exploits: 0
ThreatPost
added 2013/03/21 6:57 p.m., 12 views

DHS, ICS-CERT Warn of Siemens HMI Vulnerabilities

The Department of Homeland Security and the ICS-CERT issued an advisory yesterday warning of serious vulnerabilities in Siemens industrial control software deployed in a number of industries including water, gas and oil, and chemical. Siemens said it has patched the flaws in a new version of its...

0.2 AI score
Exploits: 0, References: 2
CERT
added 2011/01/25 12:0 a.m., 15 views

Lomtec ActiveWeb Professional 3.0 CMS allows arbitrary file upload and execution

Overview Lomtec ActiveWeb Professional 3.0 web content management server allows unauthenticated users to upload arbitrary files. Description According to Lomtec's website: "Lomtec ActiveWeb offers an ideal solution for the creation, maintenance and administration of a Web site and its content. "...

8 AI score
Exploits: 0, References: 1
Packet Storm
added 2010/12/16 12:0 a.m., 20 views

PHP Universal Web Messenger Cross-Domain Redirect

http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-06 PR10-06 Cross-domain redirect on PGP Universal Web Messenger Advisory publicly released: Thursday, 16 December 2010 Vulnerability found: Wednesday, 10 February 2010 Vendor informed: Wednesday, 10 February 2010 Vulnerability...

7.4 AI score
Exploits: 0
securityvulns
added 2009/10/06 12:0 a.m., 95 views

[Advisory]PBBoard <=2.0.2 Full Path Disclosure

[Advisory] PBBoard <=2.0.2 - Full Path Disclosure Details ======= Product: PHP = PBBoard Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.pbboard.com Credits ============ Discovered by: rUnViRuS site: http://www.sec-area.com Affected Products: ---------------------------- test on...

0.4 AI score
Exploits: 0
exploitpack
added 2009/10/06 12:0 a.m., 14 views

PBBoard 2.0.2 - Full Path Disclosure

PBBoard 2.0.2 - Full Path Disclosure AdvisoryPBBoard GET as $sqlget if eregi"select", $sqlget or eregi"union", $sqlget or eregi"%", $sqlget $this-error'?? ¨¹??? ± ?´±?¹?!'; ================ ================ 2. Full Path Disclosure ----------------------------------- allow attackers to gather the...

Exploits: 0
exploitpack
added 2009/09/27 12:0 a.m., 27 views

PHP 5.3 - preg_match() Full Path Disclosure

PHP 5.3 - preg_match() Full Path Disclosure MajorSecurity Advisory 57 PHP <=5.3 - preg_match() full path disclosure Details ======= Product: PHP <=5.3 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits ============...

7.4 AI score
Exploits: 0
seebug.org
added 2009/09/27 12:0 a.m., 31 views

PHP <=5.3 - preg_match() full path disclosure

No description provided by source. MajorSecurity Advisory 57 PHP <=5.3 - preg_match() full path disclosure Details ======= Product: PHP <=5.3 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...

7.1 AI score
Exploits: 0
securityvulns
added 2008/11/21 12:0 a.m., 48 views

PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter

PR08-09: Unauthenticated File Retrieval on Sun Java System Identity Manager "ext" parameter Date Found: 25th April 2008 Vendor Contacted: 28th April 2008 Date Public: 10th November 2008 Severity: High Credits: Richard Brain of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Sun for working...

7 AI score
Exploits: 0
securityvulns
added 2008/02/29 12:0 a.m., 43 views

PR07-41: XSS on Juniper Networks Secure Access 2000

PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...

6.2 AI score
Exploits: 0
ATTACKERKB
added 2007/12/21 10:46 p.m., 2 views

CVE-2007-6514

Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive...

4.3 CVSS, 5.6 AI score, 0.12905 EPSS
Exploits: 0, References: 5
Packet Storm
added 2007/12/02 12:0 a.m., 22 views

ProCheckUp Security Advisory 2007.14

PR07-14: Cross-site Scripting XSS / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass...

0.2 AI score
Exploits: 0
securityvulns
added 2007/11/30 12:0 a.m., 36 views

PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script

PR07-15: Cross-site Scripting XSS / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass versions 6...

6.2 AI score
Exploits: 0
securityvulns
added 2007/09/26 12:0 a.m., 86 views

SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 64 SimpGB version 1.46.02 Multiple Path Disclosure Vulnerabilities Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multip...

7 AI score
Exploits: 0
securityvulns
added 2007/07/24 12:0 a.m., 52 views

PR07-18: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (1)

PR07-18: Cross-site Scripting XSS / HTML injection on Webbler CMS admin login page 1 This advisory has been published following consultation with UK CPNI formerly known as NISCC Date Found: 14th June 2007 Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as...

6.3 AI score
Exploits: 0
Exploit DB
added 2007/07/11 12:0 a.m., 31 views

IBM Proventia Sensor Appliance - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/24864/info The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue. An attacker can exploit these issues to steal cookie-based authentication...

7.4 AI score
Exploits: 0
Exploit DB
added 2007/02/03 12:0 a.m., 28 views

PortailPHP 2 - '/mod_news/index.php?chemin' Remote File Inclusion

source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected...

7.4 AI score
Exploits: 0
securityvulns
added 2006/12/01 12:0 a.m., 51 views

LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 8 LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities Description: LifeType is a Blogging platform built with PHP, designed with maximum customizability, speed and ease of use in mind. Due to program flaws it is possible for the remote attacker to disclo...

5 CVSS, 6.7 AI score, 0.00763 EPSS
Exploits: 1