Lucene search
+L

578 matches found

cnvd
cnvd
added 2015/02/13 12:0 a.m.7 views

u5CMS Open Redirect Vulnerability

u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. An open redirect vulnerability exists in u5CMS. A remote...

5.8CVSS6.8AI score0.06559EPSS
Exploits2References1
cnvd
cnvd
added 2015/01/08 12:0 a.m.3 views

NYU OpenSSO Integration Redirection Vulnerability

NYU OpenSSO Integration is a system that integrates PDS and Sun OpenSSO identity management applications. A redirection vulnerability exists in NYU OpenSSO Integration 2.1 and earlier, which allows remote attackers to redirect a user to an arbitrary web site via a redirection in the url parameter...

5.8CVSS6.8AI score0.02036EPSS
Exploits1References1
nvd
nvd
added 2014/12/16 6:59 p.m.12 views

CVE-2014-8751

Multiple cross-site scripting XSS vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the 1 searchparam parameter to search.php or 2 name, 3 address, or 4 comment parameter to forms.php...

4.3CVSS5.8AI score0.01423EPSS
Exploits1References2
seebug
seebug
added 2014/07/01 12:0 a.m.19 views

Open Web Analytics 1.5.4 - (owa_email_address param) - SQL Injection Vulnerability

No description provided by source...

7.1AI score
Exploits0
jvn
jvn
added 2014/04/16 6:6 a.m.7 views

Redmine vulnerable to open redirect

Overview Redmine is a project management software. Redmine contains an open redirect vulnerability due to insufficient checking of the URL parameter. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

5.8CVSS6.8AI score0.02716EPSS
Exploits1References7
attackerkb
attackerkb
added 2012/02/14 5:55 p.m.2 views

CVE-2011-5079

Open redirect vulnerability in the Modern FAQ irfaq extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."...

5.8CVSS5.8AI score0.01167EPSS
Exploits0References8
prion
prion
added 2010/06/15 2:30 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...

2.6CVSS6AI score0.01028EPSS
Exploits1References4Affected Software1
ubuntucve
ubuntucve
added 2010/05/04 4:0 p.m.18 views

CVE-2010-1707

Multiple cross-site scripting XSS vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 login and 2 mailaddress parameters...

4.3CVSS5.9AI score0.00902EPSS
Exploits1References1
prion
prion
added 2010/04/13 8:30 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter...

4.3CVSS6.1AI score0.00929EPSS
Exploits1References2
nvd
nvd
added 2010/04/13 8:30 p.m.16 views

CVE-2010-1371

Cross-site scripting XSS vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter...

4.3CVSS5.7AI score0.00929EPSS
Exploits1References2
prion
prion
added 2009/08/03 2:30 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter...

4.3CVSS6.2AI score0.01475EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2009/06/19 7:30 p.m.1 views

CVE-2009-2134

pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message...

5CVSS5.5AI score0.02496EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2008/04/23 12:0 a.m.6 views

PT-2008-3453 · Util Linux Ng +1 · Util-Linux-Ng +1

Name of the Vulnerable Software and Affected Versions: util-linux-ng versions 2.14 and earlier Description: The issue allows remote attackers to modify log events, making it easier to hide activities. This is achieved by injecting arguments into the login process, demonstrated by appending an...

7.5CVSS6.2AI score0.03866EPSS
Exploits1References21
ptsecurity
ptsecurity
added 2006/12/31 12:0 a.m.6 views

PT-2006-7435 · Rediff · Rediff Bol Downloader Activex

Name of the Vulnerable Software and Affected Versions: Rediff Bol Downloader ActiveX OCX control affected versions not specified Description: The issue allows remote attackers to execute arbitrary files and obtain sensitive information, such as usernames and pathnames, by providing a URL in the u...

7.5CVSS7.1AI score0.02298EPSS
Exploits1References6
prion
prion
added 2006/05/24 11:2 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...

2.6CVSS6.2AI score0.01366EPSS
Exploits0References8Affected Software1
nvd
nvd
added 2006/05/24 11:2 p.m.13 views

CVE-2006-2572

Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...

2.6CVSS5.7AI score0.01366EPSS
Exploits0References8
cvelist
cvelist
added 2005/12/09 3:0 p.m.21 views

CVE-2005-4136

Cross-site scripting XSS vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter...

5.7AI score0.01752EPSS
Exploits1References4
cvelist
cvelist
added 2002/06/11 4:0 a.m.27 views

CVE-2002-0436

sscdsuncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter...

7.6AI score0.1187EPSS
Exploits0References3
Rows per page
Query Builder