
1225 matches found

ATTACKERKB
added 2009/02/12 12:0 a.m. | 181 views

CVE-2009-0545 — ZeroShell Remote Code Execution

cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. Recent assessments: hrbrmstr at September 10, 2020 2:42pm UTC reported: MSF module — Assessed Attacker Value: 5...

CVSS 10 | AI score 5.5 | EPSS 0.90732
In wild | Exploits 2 | References 7
exploitpack
added 2008/12/02 12:0 a.m. | 14 views

SunByte e-Flower - id SQL Injection

SunByte e-Flower - id SQL Injection =========================================================== SunByte e-Flower SQL Injection Attack by W4RL0CK =========================================================== VENDOR: Sunbyte URL: http://www.sunbyte.net/ APP: Sunbyte e-Flower eCommerce webapp APP SITE...

AI score 0.3
Exploits 0
Exploit DB
added 2008/12/02 12:0 a.m. | 29 views

SunByte e-Flower - 'id' SQL Injection

=========================================================== SunByte e-Flower SQL Injection Attack by W4RL0CK =========================================================== VENDOR: Sunbyte URL: http://www.sunbyte.net/ APP: Sunbyte e-Flower eCommerce webapp APP SITE:...

AI score 7.4
Exploits 0
seebug.org
added 2008/12/02 12:0 a.m. | 24 views

SunByte e-Flower (id) Remote SQL Injection Vulnerability

No description provided by source. =========================================================== SunByte e-Flower SQL Injection Attack by W4RL0CK =========================================================== VENDOR: Sunbyte URL: http://www.sunbyte.net/ APP: Sunbyte e-Flower eCommerce webapp APP SITE:...

AI score 7.1
Exploits 0
OpenVAS
added 2008/09/24 12:0 a.m. | 27 views

Gentoo Security Advisory GLSA 200506-13 (webapp-config)

The remote host is missing updates announced in advisory GLSA 200506-13. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 4.6 | AI score 6.8 | EPSS 0.00985
Exploits 1
OpenVAS
added 2008/09/24 12:0 a.m. | 20 views

Gentoo Security Advisory GLSA 200501-12 (tikiwiki)

The remote host is missing updates announced in advisory GLSA 200501-12. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 7.5 | AI score 0.7 | EPSS 0.01807
Exploits 0
OpenVAS
added 2008/09/24 12:0 a.m. | 18 views

Gentoo Security Advisory GLSA 200506-13 (webapp-config)

The remote host is missing updates announced in advisory GLSA 200506-13. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 4.6 | AI score 7.2 | EPSS 0.00985
Exploits 1 | References 2
OpenVAS
added 2008/09/24 12:0 a.m. | 14 views

Gentoo Security Advisory GLSA 200506-20 (cacti)

The remote host is missing updates announced in advisory GLSA 200506-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.7 | EPSS 0.16552
Exploits 0 | References 11
securityvulns
added 2008/01/12 12:0 a.m. | 52 views

ImageAlbum Remote SQL Injection Vulnerabilities

ImageAlbum Remote SQL Injection Vulnerabilities ------------------------------------------------------------------------- Product: ImageAlbum Version: Latest 2.0.0b2, others not tested Vendor: http://imagealbum.sourceforge.net/ Date: 01/10/08 - Introduction ImageAlbum is a web application written...

AI score 0.7
Exploits 0
exploitpack
added 2007/07/22 12:0 a.m. | 67 views

bwired - index.php?newsID SQL Injection

bwired - index.php?newsID SQL Injection Program Title bwired - Remote SQL Injection Note There is also XSS, PHPSESSID session fixation, and cookie manipulation which I...

Exploits 0
0day.today
added 2007/07/22 12:0 a.m. | 135 views

bwired (index.php newsID) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================ bwired index.php newsID Remote SQL Injection Vulnerability ============================================================ ...

AI score 7.1
Exploits 0
seebug.org
added 2007/06/28 12:0 a.m. | 17 views

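Pluxml Images.PHP Remote File Inclusion Vulnerability

Eva-Web is a PHP-based web application. Eva-Web does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'Index.PHP3' script lacks filtering of user-submitted web parameters; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. SPIP-Education EVA-Web 2.1.2 SPIP-Education EVA-Web 2.2 SPIP-Education EVA-Web 2.1 SPIP-Education EVA-Web 2.0 No detailed solution is currently available:...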

AI score 7.1
Exploits 0
Prion
added 2007/06/26 11:30 p.m. | 18 views

Design/Logic Flaw

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote...

CVSS 7.5 | AI score 7.2 | EPSS 0.01126
Exploits 0 | References 3 | Affected Software 1
NVD
added 2007/06/26 11:30 p.m. | 24 views

CVE-2007-3421

The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...

CVSS 7.5 | AI score 6.7 | EPSS 0.01126
Exploits 0 | References 3
Prion
added 2007/06/26 11:30 p.m. | 18 views

Design/Logic Flaw

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and...

CVSS 7.5 | AI score 7.3 | EPSS 0.01126
Exploits 0 | References 3 | Affected Software 1
NVD
added 2007/06/26 11:30 p.m. | 17 views

CVE-2007-3417

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...

CVSS 4.3 | AI score 5.7 | EPSS 0.01022
Exploits 0 | References 3
Prion
added 2007/06/26 11:30 p.m. | 22 views

Design/Logic Flaw

The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...

CVSS 7.5 | AI score 7.3 | EPSS 0.01126
Exploits 0 | References 3 | Affected Software 1
Prion
added 2007/06/26 11:30 p.m. | 16 views

Default credentials

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors...

CVSS 7.5 | AI score 7.3 | EPSS 0.01126
Exploits 0 | References 3 | Affected Software 1
NVD
added 2007/06/26 11:30 p.m. | 17 views

CVE-2007-3422

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote...

CVSS 7.5 | AI score 6.6 | EPSS 0.01126
Exploits 0 | References 3
Prion
added 2007/06/26 11:30 p.m. | 13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators...

CVSS 5 | AI score 7.6 | EPSS 0.00581
Exploits 0 | References 4 | Affected Software 1