Lucene search
K

2388 matches found

ATTACKERKB
ATTACKERKB
added 2007/12/20 8:46 p.m.1 views

CVE-2007-6486

Multiple cross-site scripting XSS vulnerabilities in shout.php aka the shoutbox in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 username nickname or 2 message parameter. NOTE: some of these details are obtained from third party information...

4.3CVSS5.5AI score0.01033EPSS
Exploits0References6
Prion
Prion
added 2007/12/20 12:46 a.m.17 views

Sql injection

SQL injection vulnerability in index.php in phpRPG 0.8, when magicqutoesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...

9.3CVSS9AI score0.01566EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/12/20 12:46 a.m.2 views

CVE-2007-6469

SQL injection vulnerability in index.php in phpRPG 0.8, when magicqutoesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...

9.3CVSS6.4AI score0.01566EPSS
Exploits0References5
CVE
CVE
added 2007/12/20 12:0 a.m.36 views

CVE-2007-6469

CVE-2007-6469 affects phpRPG 0.8 with an SQL injection in index.php triggered via the username parameter when magic_quotes_gpc is disabled. Remote attackers could potentially execute arbitrary SQL commands. The public records supplied do not include exploitation details or a confirmed remediation...

9.3CVSS8.3AI score0.01566EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/11/29 1:46 a.m.22 views

CVE-2007-6168

SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

7.5CVSS7.9AI score0.01063EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2007/11/09 12:0 a.m.21 views

FreeBSD : tikiwiki -- multiple vulnerabilities (20a4eb11-8ea3-11dc-a396-0016179b2dd5)

Secunia reports : Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when...

7.5CVSS5.4AI score0.03024EPSS
Exploits1References5
NVD
NVD
added 2007/10/29 10:46 p.m.17 views

CVE-2007-5702

Cross-site scripting XSS vulnerability in swamp/action/LoginActions aka the login box in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtaine...

4.3CVSS5.7AI score0.01366EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2007/10/26 6:46 p.m.23 views

CVE-2007-5683

Multiple cross-site scripting XSS vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter to the password reminder page tiki-remindpassword.php, 2 IMG tags in wiki pages, and 3 the localphp parameter to...

4.3CVSS6AI score0.00885EPSS
Exploits0References1
Cvelist
Cvelist
added 2007/10/03 2:0 p.m.20 views

CVE-2007-5176

Multiple cross-site scripting XSS vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 NADISPLAYNAME parameter in helpdesk/user/rfcreate.jsp and the 2 username and 3 LDAPError parameters in index2.jsp. NOTE: the provenance of this...

5.7AI score0.01859EPSS
Exploits0References6
Prion
Prion
added 2007/08/28 12:17 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in tiki-remindpassword.php in Tikiwiki aka Tiki CMS/Groupware 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7...

4.3CVSS5.8AI score0.03807EPSS
Exploits2References5Affected Software1
UbuntuCve
UbuntuCve
added 2007/08/28 12:17 a.m.20 views

CVE-2007-4554

Cross-site scripting XSS vulnerability in tiki-remindpassword.php in Tikiwiki aka Tiki CMS/Groupware 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7...

4.3CVSS5.9AI score0.01737EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2007/08/27 12:0 a.m.19 views

tikiwiki -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when remi...

7.5CVSS6.8AI score0.03024EPSS
Exploits1References2
NVD
NVD
added 2007/07/25 6:30 p.m.16 views

CVE-2007-3992

SQL injection vulnerability in virlogin.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely...

7.5CVSS8AI score0.01013EPSS
Exploits0References1
Prion
Prion
added 2007/07/25 6:30 p.m.14 views

Sql injection

SQL injection vulnerability in virlogin.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely...

7.5CVSS8.4AI score0.01178EPSS
Exploits0References1
NVD
NVD
added 2007/06/06 10:30 p.m.26 views

CVE-2007-3097

my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter...

7.5CVSS7.6AI score0.02204EPSS
Exploits0References8
Prion
Prion
added 2007/05/11 5:19 p.m.10 views

Sql injection

SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries...

7.5CVSS8.9AI score0.01091EPSS
Exploits0References5
NVD
NVD
added 2007/05/11 4:19 p.m.17 views

CVE-2007-2622

Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the username parameter to login.php or 2 the taskid parameter to notes.php...

7.5CVSS8.5AI score0.01257EPSS
Exploits0References7
Prion
Prion
added 2007/04/19 10:19 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

6.8CVSS6.1AI score0.01183EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/04/19 10:0 a.m.20 views

CVE-2007-2153

Cross-site scripting XSS vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

5.7AI score0.01183EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2007/04/12 7:19 p.m.2 views

CVE-2007-2011

Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

4.3CVSS5.7AI score0.01871EPSS
Exploits1References8
Rows per page
Query Builder