5285 matches found
PHP Security Framework - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/26898/info PHP Security Framework is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and remote file-include issues. A successful exploit may allow an attacker to execute malicious code within the context of the...
VisualShapers EZContents 1.4.5 - File Disclosure
VisualShapers EZContents 1.4.5 - File Disclosure source: https://www.securityfocus.com/bid/26737/info VisualShapers ezContents is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process. An attacker can exploit...
VisualShapers EZContents 1.4.5 - File Disclosure
source: https://www.securityfocus.com/bid/26737/info VisualShapers ezContents is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process. An attacker can exploit this issue to retrieve potentially sensitive...
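ht://Dig Htsearch Cross-Site Scripting Vulnerability
ht://Dig is an application for indexing and searching files on a webserver. ht://Dig does not properly filter user-supplied URI data, so remote attackers can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information. The problem is that the 'sytnax.html' script does not filter user-submitted web parameters; submitting malicious script code as parameter data can lead to disclosure of the target user's sensitive information. Test method http://foo.bar/cgi-bin/htsearch?config=&restrict=&exclude=&method=and&format=builtin-long&sort=scriptalert"foo"/script&words=foo ht://Dig...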
Absolute News Manager .NET 5.1 - getpath.aspx Direct Request Error Message Information
Absolute News Manager .NET 5.1 - getpath.aspx Direct Request Error Message Information source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure...
Absolute News Manager .NET 5.1 - pagesdefault.aspx?template Cross-Site Scripting
Absolute News Manager .NET 5.1 - pagesdefault.aspx?template Cross-Site Scripting source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues...
Absolute News Manager .NET 5.1 - '/pages/default.aspx?template' Remote File Access
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...
Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx?rmore' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...
Absolute News Manager .NET 5.1 - 'xlaabsolutenm.aspx' Multiple SQL Injections
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...
Absolute News Manager .NET 5.1 - 'getpath.aspx' Direct Request Error Message Information
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...
Absolute News Manager .NET 5.1 - '/pages/default.aspx?template' Cross-Site Scripting
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...
Underground CMS 1.x - Search.Cache.Inc.php Backdoor Access
Underground CMS 1.x - Search.Cache.Inc.php Backdoor Access Ucms v. 1.8 Np exploit function sethostseite document.host.action = seite + 'index.php?&q=test&e=1'; document.all.data.innerHTML = document.host.action; Ucms v. 1.8 Np exploit Actual Request: Host: Password: Phpcode: phpinfo; ? !-- It's...
GWExtranet - Multiple Directory Traversal Vulnerabilities
GWExtranet - Multiple Directory Traversal Vulnerabilities source: https://www.securityfocus.com/bid/26525/info GWExtranet is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve...
GWExtranet - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/26525/info GWExtranet is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of t...
Underground CMS 1.x - 'Search.Cache.Inc.php' Backdoor Access
Ucms v. 1.8 Np exploit function sethostseite document.host.action = seite + 'index.php?&q=test&e=1'; document.all.data.innerHTML = document.host.action; Ucms v. 1.8 Np exploit Actual Request: Host: Password: Phpcode: phpinfo; ? !-- It's just a crime to do such things, so please use this exploit ju...
openSUSE 10 Security Update : apache2 (apache2-4666)
Several bugs were fixed in the Apache2 webserver. These include the following security issues: - CVE-2006-5752: mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset 'detection'. - CVE-2007-1863:...
[Full-disclosure] Certificate spoofing issue with Mozilla, Konqueror, Safari 2
Moin Mozilla based browsers Firefox, Netscape, ..., Konqueror and Safari 2 do not bind a user-approved webserver certificate to the originating domain name. This makes the user vulnerable to certificate spoofing by "subjectAltName:dNSName" extensions. I set up a demonstration at...
PHP-Nuke 8.0 - autohtml.php Local File Inclusion
PHP-Nuke 8.0 - autohtml.php Local File Inclusion source: https://www.securityfocus.com/bid/26807/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and...
PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion
source: https://www.securityfocus.com/bid/26807/info Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view files and execute local scripts in the context of the...
Weblord.it MS-TopSites - Unauthorized Access HTML Injection
Weblord.it MS-TopSites - Unauthorized Access HTML Injection source: https://www.securityfocus.com/bid/26358/info MS-TopSites is prone to an unauthorized-access vulnerability and an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker...