
376 matches found

Exploit DB
added 2015/02/23 12:0 a.m. | 35 views

phpBugTracker 1.6.0 - Multiple Vulnerabilities

Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Advisory ID: SROEADV-2015-16 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor Status: patched CVE-ID: will asked to be...

CVSS 7.5 | AI score 6.7 | EPSS 0.00677
Exploits: 4
seebug.org
added 2014/12/12 12:0 a.m. | 71 views

MacCMS V8 /inc/module/user.php SQL Injection Vulnerability

No description provided by source...

AI score 7.1
Exploits: 0
Prion
added 2014/12/03 9:59 p.m. | 15 views

Sql injection

Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) action parameter to group.php or (2) user.php or the (3) locationid parameter to photos.php in php/...

CVSS 6.5 | AI score 8.8 | EPSS 0.00748
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2014/08/01 5:12 a.m. | 14 views

CVE-2014-3302

user.php in Cisco WebEx Meetings Server 1.5.1.131 and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708...

CVSS 5.8 | AI score 6 | EPSS 0.00302
Exploits: 0 | References: 6
Prion
added 2014/08/01 5:12 a.m. | 13 views

Design/Logic Flaw

user.php in Cisco WebEx Meetings Server 1.5.1.131 and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708...

CVSS 5.8 | AI score 6.5 | EPSS 0.00302
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2014/08/01 1:0 a.m. | 47 views

CVE-2014-3302

CVE-2014-3302 affects Cisco WebEx Meetings Server (1.5(.1.131) and earlier) in the user.php script. The root cause is an invalid token timer for authenticated encryption, allowing unauthenticated, remote attackers to view sensitive information via crafted URL requests. Exploitation described as u...

CVSS 5.8 | AI score 6.1 | EPSS 0.00302
Exploits: 0 | References: 6 | Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

PostNuke 0.723 User.PHP UNAME Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7901/info The PostNuke 'user.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Mambo 4.5 Server user.php Script Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9193/info It has been reported that Mambo Server may be prone to an unauthorized access vulnerability that may allow an attacker to modify a user and/or an administrator's information such as password, email, name etc,...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

PostNuke 0.76 RC4b user.php htmltext Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead to theft of cookie-based...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

yblog 0.2.2.2 (xss/sql) Multiple Vulnerabilities

No description provided by source. C. H. R. O. O. T. SECURITY GROUP http://www.chroot.org Hacks In Taiwan Conference 2008 http://www.hitcon.org Title...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 24 views

VBulletin 1.0.1 lite/2.x/3.0 /admincp/user.php email Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Siteframe 3.2.3 (user.php) SQL Injection Vulnerability

No description provided by source. Exploit Title: Siteframe 'user.php' SQL Injection Vulnerability Google Dork: powered by Siteframe Date: 29/12/2010 Author: AnGrY BoY Software Link: http://sitefrane.org/downloads/ Version: Siteframe 3.2.3 Tested on: windows SP2 CVE : N/A expolit:...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 21 views

PHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x user.php uname Parameter XSS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page, 'user.php', which contains malicious script...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

VBulletin 1.0.1 lite/2.x/3.0 /admincp/user.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14872/info vBulletin is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitatio...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

PHPX 3.x admin/user.php CSRF Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2014/06/19 12:0 a.m. | 23 views

Symantec Web Gateway < 5.2.1 Multiple Vulnerabilities (SYM14-010)

According to its self-reported version number, the remote web server is hosting a version of Symantec Web Gateway prior to version 5.2.1. It is, therefore, affected by the following vulnerabilities : - A remote command execution flaw exists with the 'SNMPConfig.php' where user input is not proper...

CVSS 9.8 | AI score 8.7 | EPSS 0.2387
Exploits: 0 | References: 5
Prion
added 2014/06/18 7:55 p.m. | 14 views

Sql injection

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVSS 5.2 | AI score 8.4 | EPSS 0.00715
Exploits: 0 | References: 4 | Affected Software: 1
Zero Day Initiative
added 2014/06/18 12:0 a.m. | 19 views

Symantec Web Gateway user.php SQL Injection and snmpConfig.php Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is required to exploit this vulnerability. The specific flaws exist within the user.php and snmpConfig.php files. SQL injection and command injection is possibl...

CVSS 7.9 | AI score 6.3 | EPSS 0.2387
Exploits: 0 | References: 1
seebug.org
added 2014/05/23 12:0 a.m. | 18 views

PHPSay World v1.0 user.php SQL Injection Vulnerability

The id parameter of user.php is not filtered, leading to a SQL injection vulnerability. 0 v1.0 Update to the latest version...

AI score 7.1
Exploits: 0
seebug.org
added 2014/03/06 12:0 a.m. | 54 views

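MediaWiki 'theloadFromSession' Function Information Disclosure Vulnerability

BUGTRAQ ID:65883 CVE ID:CVE-2014-2243 MediaWiki is a wiki application. The 'theloadFromSession' function in MediaWiki's includes/User.php script contains a security vulnerability. A remote attacker can exploit it by carrying out a brute-force attack to gain access to session tokens. 0 MediaWiki Mediawiki 2.0.18 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6 MediaWiki Mediawiki...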

CVSS 5.8 | AI score 0.1 | EPSS 0.00383
Exploits: 1