Lucene search
+L

6058 matches found

Exploit DB
Exploit DB
added 2010/12/06 12:0 a.m.115 views

phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification

PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification Credits: Emanuele 'emgent' Gentili Marco 'whitesheep' Rondini Alessandro 'scox' Scoscia In error.php, PhpMyAdmin permit to insert text and restricted tag, like BBCode. With tag a@url@pageClick Me/a, you can insert your own...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/11/10 7:0 p.m.3 views

kernel: RDS sockets local privilege escalation

The rdspagecopyuser function in net/rds/page.c in the Reliable Datagram Sockets RDS protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...

7.8CVSS6.6AI score0.12159EPSS
Exploits16References5
exploitpack
exploitpack
added 2010/10/13 12:0 a.m.56 views

Oracle Solaris - su Crash

Oracle Solaris - su Crash From http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/su/su.c 521 for j = 0; initenvj != 0; j++ 1 522 if initvar = getenvinitenvj 2 ... 535 else 536 var = char 537 mallocstrleninitenvj 3 538 + strleninitvar 539 + 2; 540 void strcpyvar, initenvj; 4 'su'...

6.3CVSS0.0079EPSS
Exploits6
xssed
xssed
added 2010/09/07 12:0 a.m.10 views

Unfixed XSS vulnerability at courriel.cyberpresse.ca

Security researcher h3xStream, has submitted on 09/07/2010 a cross-site-scripting XSS vulnerability affecting courriel.cyberpresse.ca, which at the time of submission ranked 3431 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2010. It is...

6.6AI score
Exploits0References1
FreeBSD Advisory
FreeBSD Advisory
added 2010/05/27 12:0 a.m.12 views

FreeBSD-SA-10:06.nfsclient

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-10:06.nfsclient Security Advisory The FreeBSD Project Topic: Unvalidated input in nfsclient Category: core Module: nfsclient Announced: 2010-05-27 Credits:...

6.9CVSS6.1AI score0.00867EPSS
Exploits0
FreeBSD
FreeBSD
added 2010/05/27 12:0 a.m.17 views

FreeBSD -- Unvalidated input in nfsclient

Problem Description: The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted...

1.6AI score
Exploits0
Positive Technologies
Positive Technologies
added 2010/05/11 12:0 a.m.7 views

PT-2010-2986 · Adobe · Shockwave Player

Name of the Vulnerable Software and Affected Versions: Adobe Shockwave Player versions prior to 11.5.7.609 Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This is achieved through a crafted .dir file that exploits the...

9.3CVSS8.9AI score0.07484EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2010/04/27 12:0 a.m.15 views

FreeBSD : joomla -- multiple vulnerabilities (8d10038e-515c-11df-83fb-0015587e2cc1)

Joomla! reported the following vulnerabilities : If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.. The migration script in the Joomla! installer does not check the file type being uploaded. If the installation...

5.9AI score
Exploits0References5
xssed
xssed
added 2010/03/24 12:0 a.m.13 views

Unfixed XSS vulnerability at www.noah.org

Security researcher inside0ut, has submitted on 24/03/2010 a cross-site-scripting XSS vulnerability affecting www.noah.org, which at the time of submission ranked 462254 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is currentl...

6.6AI score
Exploits0References1
FreeBSD
FreeBSD
added 2010/01/06 12:0 a.m.15 views

FreeBSD -- BIND named(8) cache poisoning with DNSSEC validation

Problem Description: If a client requests DNSSEC records with the Checking Disabled CD flag set, BIND may cache the unvalidated responses. These responses may later be returned to another client that has not set the CD flag...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2010/01/03 12:0 a.m.14 views

PHP Banner Exchange 1.2 - signupconfirm.php Cross-Site Scripting

PHP Banner Exchange 1.2 - signupconfirm.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40165/info PHP Banner Exchange is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issu...

6.8AI score
Exploits0
Oracle linux
Oracle linux
added 2009/11/30 12:0 a.m.42 views

bind security update

30:9.3.6-4.P1.1 - don't cache unvalidated additional sections 538744...

2.6CVSS1.5AI score0.07952EPSS
Exploits1
xssed
xssed
added 2009/08/17 12:0 a.m.13 views

Unfixed XSS vulnerability at www.maidasoli.com

Security researcher Langy, has submitted on 17/08/2009 a cross-site-scripting XSS vulnerability affecting www.maidasoli.com, which at the time of submission ranked 1117839 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/07/2010. It is...

6.6AI score
Exploits0References1
xssed
xssed
added 2009/07/09 12:0 a.m.16 views

Unfixed XSS vulnerability at www.pornosextube.net

Security researcher CLaYMoRE, has submitted on 07/09/2009 a cross-site-scripting XSS vulnerability affecting www.pornosextube.net, which at the time of submission ranked 6962099 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/09/2009. It is...

0.1AI score
Exploits0References1
securityvulns
securityvulns
added 2009/06/27 12:0 a.m.25 views

Multiple MSN messengers SSL certificates vulnerabilities

Server certificate is not validated...

3AI score
Exploits0References3Affected Software3
Prion
Prion
added 2009/04/06 6:30 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advancedsearchresult page. NOTE: the provenance of this information is unknown; the details are obtained solely from...

4.3CVSS6AI score0.01436EPSS
Exploits1References3Affected Software1
0day.today
0day.today
added 2008/04/06 12:0 a.m.15 views

Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability

Exploit for unknown platform in category web applications ============================================================ Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability ============================================================...

7.1AI score
Exploits0
xssed
xssed
added 2008/03/24 12:0 a.m.10 views

Unfixed XSS vulnerability at www.crazysoft-ppc-games.com

Security researcher cueballr, has submitted on 24/03/2008 a cross-site-scripting XSS vulnerability affecting www.crazysoft-ppc-games.com, which at the time of submission ranked 6776159 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/03/2008...

Exploits0References1
securityvulns
securityvulns
added 2008/03/13 12:0 a.m.55 views

XSS in PHP-Nuke (eWeather module)

//////////XSS in PHP-Nuke eWeather module PHP-Nuke http://phpnuke.org: PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The Administrator has total control of his web site, registered users, and he will have in the hand a powerful assembly of tools to...

0.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/02/12 4:53 p.m.5 views

kernel vmsplice_to_pipe flaw

The vmsplicetopipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010...

7.2CVSS5.8AI score0.0354EPSS
Exploits3References4
Rows per page
Query Builder