Lucene search
+L

6058 matches found

Cvelist
Cvelist
added 2006/08/31 8:0 p.m.29 views

CVE-2006-4468

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the 1 mosMail, 2 JosIsValidEmail, and 3 josSpoofValue functions; 4 the lack of inclusion of globals.php in...

6.8AI score0.01923EPSS
Exploits0References5
CVE
CVE
added 2006/08/31 8:0 p.m.60 views

CVE-2006-4468

CVE-2006-4468 affects Joomla! prior to 1.0.11. The vulnerability set involves multiple input- handling weaknesses (unvalidated input) across several components: mosMail, JosIsValidEmail, josSpoofValue, missing inclusion of globals.php in administrator/index.php, Admin User Manager, and the poll m...

6.8CVSS6.8AI score0.01923EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2006/08/11 12:0 a.m.43 views

Dragonfly CMS 9.0.6.1 and prior XSS

HeLiOsZ - Dark End Team - Internet Security Team Dragonfly CMS 9.0.6.1 and prior XSS IRC: darkend.sytes.net darkend , http://darkend.sytes.net & http://www.darkend.org Rish : Medium Type : web applet Creator: http://www.cpgnuke.com/ Exploit: - The vuln is in the search section,it don't validate t...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/07/24 12:0 a.m.48 views

osDate 1.1.7 multiple vulnerabilities

/ osDate 1.1.7 advisory / Date of written Advisory: ------------------------- July, 18 2006 Product: -------- OSdate = 1.1.7 Vendor: ------- http://tufat.com/ Description: ------------ osDate is a full fledged dating script which can be eaily integrated with phpBB and flashChat, and provides...

6.1AI score
Exploits0
securityvulns
securityvulns
added 2006/06/15 12:0 a.m.42 views

Improper Validation of User-mode Pointers

Improper Validation of User-mode Pointers Many of the hooks that KAV installs and even the custom system services suffer from flaws that are detrimental to the operation of the system. For instance, KAV's modified NtOpenProcess attempts to determine if a user address is valid by comparing it to t...

0.1AI score
Exploits0
Prion
Prion
added 2006/05/24 1:2 a.m.21 views

Authentication flaw

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...

7.5CVSS7.1AI score0.01704EPSS
Exploits0References6Affected Software1
exploitpack
exploitpack
added 2006/03/25 12:0 a.m.31 views

WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution

WebAlbum 2.02pl - COOKIEskin2 Remote Code Execution !/usr/bin/php -q -d shortopentag=on this works with magicquotesgpc=Off\r\n"; echo "dork: WEBalbum 2004-2006 duda\r\n"; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/03/06 12:0 a.m.21 views

aztek40.txt

/==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message including the following line: '"alertdocument.cookie -...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/03/03 12:0 a.m.23 views

AZTEK forums 4.0 multiple vulnerabilities (PoC)

/==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message including the following line:...

Exploits0
Gentoo Linux
Gentoo Linux
added 2005/10/17 12:0 a.m.63 views

phpMyAdmin: Local file inclusion vulnerability

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Maksymilian Arciemowicz reported that in libraries/grabglobals.lib.php, the $redirect parameter was not correctly validated. Systems running PHP in safe mode are not affected...

5CVSS9.3AI score0.15919EPSS
Exploits0
Exploit DB
Exploit DB
added 2005/07/19 12:0 a.m.19 views

FForm Sender 1.0 - 'Processform.php3?Name' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14324/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages. This may facilitate the theft of...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2005/03/16 12:0 a.m.62 views

SimpGB SQL Injection Vulnerability

Hi, The PHP guestbook SimpGB 1, written by Boesch IT-Consulting 2 can be exploited to gain userdata. The quote variable isn't checked carefully in simpgb/include/gbnew.inc called by guestbook.php. I wrote a proof of concept which shows a md5 hash and the username, read from the database...

7AI score
Exploits0
securityvulns
securityvulns
added 2005/03/11 12:0 a.m.33 views

Wfsection 1.07 vulnerabilities

Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...

7.8AI score
Exploits0
exploitpack
exploitpack
added 2005/01/25 12:0 a.m.21 views

AWStats 6.0 6.2 - configdir Remote Command Execution (C)

AWStats 6.0 6.2 - configdir Remote Command Execution C / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the us...

Exploits0
Gentoo Linux
Gentoo Linux
added 2005/01/10 12:0 a.m.23 views

TikiWiki: Arbitrary command execution

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...

7.5CVSS2.3AI score0.01807EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.25 views

Debian DSA-033-1 : analog - buffer overflow

The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form...

10CVSS5.8AI score0.04398EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2004/09/27 12:0 a.m.19 views

FreezingCold Broadboard - 'profile.asp' SQL Injection

source: https://www.securityfocus.com/bid/11250/info Reportedly BroadBoard Message Board is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI input prior to using it in an SQL query. An attacker may...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/08/30 12:0 a.m.31 views

[NGSEC-2004-7] NtRegmon, local system denial of service.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Next Generation Security Technologies http://www.ngsec.com Security Advisory Title: NtRegmon, local system denial of service. ID: NGSEC-2004-7 Application: NtRegmon http://www.sysinternals.com/ntw2k/source/regmon.shtml Date: 14/Aug/2004 Status: Patche...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2004/08/25 12:0 a.m.18 views

Sysinternals Regmon 6.11 - Local Denial of Service

Sysinternals Regmon 6.11 - Local Denial of Service // source: https://www.securityfocus.com/bid/11042/info Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2004/08/25 12:0 a.m.40 views

Sysinternals Regmon 6.11 - Local Denial of Service

// source: https://www.securityfocus.com/bid/11042/info Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated pointers to kernel functions. Successful exploitation m...

7.4AI score
Exploits0
Rows per page
Query Builder