
404 matches found

NVD
added 2009/11/30 9:30 p.m., 10 views

CVE-2009-4115

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP...

CVSS 6.5, AI score 7.1, EPSS 0.01829
Exploits: 1, References: 3
Prion
added 2009/11/30 9:30 p.m., 17 views

Code injection

Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP...

CVSS 6.5, AI score 7.6, EPSS 0.01829
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2009/10/27 4:30 p.m., 14 views

Code injection

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

CVSS 6.5, AI score 8, EPSS 0.00424
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2009/10/27 4:00 p.m., 12 views

CVE-2009-3814

Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters...

AI score 7.5, EPSS 0.00424
Exploits: 1, References: 1
CVE
added 2009/10/27 4:00 p.m., 34 views

CVE-2009-3814

CVE-2009-3814 describes a static code injection in RunCMS 2M1. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code through the "Filter/Banning" feature, demonstrated by modifying modules/system/cache/bademails.php via the "Prohibited: Emails" action and other u...

CVSS 6.5, AI score 7.5, EPSS 0.00424
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2009/10/22 5:00 p.m., 43 views

CVE-2009-3760

CVE-2009-3760 affects the Citrix XenCenterWeb XenServer Resource Kit sample code: a vulnerability in config/writeconfig.php where the pool1 parameter enables static code injection into include/config.ini.php, allowing remote attackers to inject arbitrary PHP code. Root cause is improper handling ...

CVSS 7.5, AI score 7.2, EPSS 0.08382
Exploits: 1, References: 6, Affected Software: 1
CVE
added 2009/08/12 10:00 a.m., 39 views

CVE-2008-6956

CVE-2008-6956 affects mxCamArchive 2.2 in the admin/admin.php component. It is a static code injection vulnerability that allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, with execution triggered by index.php. The C...

CVSS 6.5, AI score 7.1, EPSS 0.01313
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2009/08/11 9:00 p.m., 4 views

Code injection

Static code injection vulnerability in Sanus|artificium aka Sanusart Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is...

CVSS 7.5, AI score 7.8, EPSS 0.06606
Exploits: 1, References: 7
NVD
added 2009/08/11 9:00 p.m., 5 views

CVE-2008-6934

Static code injection vulnerability in Sanus|artificium aka Sanusart Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is...

CVSS 7.5, AI score 7.2, EPSS 0.06606
Exploits: 1, References: 7
NVD
added 2009/08/11 10:30 a.m., 11 views

CVE-2009-2736

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

CVSS 6.5, AI score 6.8, EPSS 0.01511
Exploits: 0, References: 5
Cvelist
added 2009/08/11 10:00 a.m., 18 views

CVE-2009-2736

Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action...

AI score 6.8, EPSS 0.01511
Exploits: 0, References: 5
CVE
added 2009/08/11 10:00 a.m., 40 views

CVE-2009-2736

CVE-2009-2736 concerns sun-jester OpenNews 1.0. The vulnerability is a static code injection in admin.php that allows remote authenticated administrators to inject arbitrary PHP code into config.php via the “Overall Width” field in a setconfig action. The issue originates from the admin.php compo...

CVSS 6.5, AI score 7, EPSS 0.01511
Exploits: 0, References: 5, Affected Software: 1
Tenable Nessus
added 2009/07/21 12:00 a.m., 39 views

openSUSE Security Update : phpMyAdmin (phpMyAdmin-711)

This update of phpMyAdmin fixes multiple vulnerabilities:
- CVE-2009-1148: directory traversal
- CVE-2009-1149: CRLF injection
- CVE-2009-1150: cross-site scripting
- CVE-2009-1151: static code injection

%NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks...

CVSS 9.8, AI score 9.6, EPSS 0.93271
Exploits: 16, References: 5
NVD
added 2009/07/05 4:30 p.m., 9 views

CVE-2009-2333

Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to admin/adminmenu.php, and the id parameter to (2) index.php and (3) admin/adminedit.php; and (4) delete arbitrary...

CVSS 7.5, AI score 7.6, EPSS 0.01507
Exploits: 0, References: 5
OpenVAS
added 2009/06/30 12:00 a.m., 44 views

Debian Security Advisory DSA 1824-1 (phpmyadmin)

The remote host is missing an update to phpmyadmin announced via advisory DSA 1824-1. OpenVAS Vulnerability Test $Id: deb18241.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1824-1 phpmyadmin Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...

CVSS 7.5, AI score 0.3, EPSS 0.93271
Exploits: 16
Prion
added 2009/06/18 9:30 p.m., 8 views

Code injection

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter...

CVSS 10, AI score 7.7, EPSS 0.04622
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2009/06/18 9:30 p.m., 6 views

CVE-2009-2111

Static code injection vulnerability in addreg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter...

CVSS 10, AI score 7.2, EPSS 0.04622
Exploits: 0, References: 4
CVE
added 2009/06/18 9:00 p.m., 44 views

CVE-2009-2111

CVE-2009-2111 affects DB Top Sites 1.0, with a vulnerability in the file add_reg.php that allows static code injection. A remote attacker can inject arbitrary PHP code by supplying crafted parameters for the (1) url and (2) location, enabling code execution on the affected system. This is docume...

CVSS 10, AI score 7.4, EPSS 0.04622
Exploits: 0, References: 4, Affected Software: 1
OpenVAS
added 2009/05/25 12:00 a.m., 32 views

Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:115. OpenVAS Vulnerability Test $Id: mdksa2009115.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:115 phpMyAdmin Authors: Thomas Reinke Copyright: Copyright (c) 2009...

CVSS 7.5, AI score 0.2, EPSS 0.93271
Exploits: 16
OpenVAS
added 2009/05/25 12:00 a.m., 47 views

Mandrake Security Advisory MDVSA-2009:115 (phpMyAdmin)

The remote host is missing an update to phpMyAdmin announced via advisory MDVSA-2009:115. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...

CVSS 9.8, AI score 9.5, EPSS 0.93271
Exploits: 16, References: 5