1734 matches found

Tenable Nessus
added 2011/02/09 12:0 a.m. · 27 views

Apache CouchDB < 1.0.2 Futon Admin Interface XSS

According to its banner, the version of CouchDB running on the remote host is affected by a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input before it is used in the Futon admin interface. A remote attacker could exploit this to execute arbitrary...

4.3 CVSS · 5.5 AI score · 0.02471 EPSS
Exploits 0 · References 2

Positive Technologies
added 2011/02/02 12:0 a.m. · 1 view

PT-2011-1443 · Apache · Apache Couchdb

Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions 0.8.0 through 1.0.1 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the web administration interface of Apache CouchDB. These vulnerabilities allow remote attackers to inject...

4.3 CVSS · 5.8 AI score · 0.02471 EPSS
Exploits 0 · References 10

htbridge
added 2011/01/25 12:0 a.m. · 23 views

Multiple Vulnerabilities in ViArt Shop

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ViArt Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in ViArt Shop The vulnerability exists due to input sanitation...

2.6 CVSS · 6.5 AI score
Exploits 0 · Affected Software 1

0day.today
added 2011/01/17 12:0 a.m. · 25 views

AWBS 2.9.2 (cart.php) Blind SQL Injection Vulnerability

Exploit for php platform in category web applications AWBS 2.9.2 Blind SQL Injection 0day ============================================================================================= Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom...

7.1 AI score
Exploits 0

Packet Storm
added 2011/01/17 12:0 a.m. · 31 views

AWBS 2.9.2 Blind SQL Injection

AWBS 2.9.2 Blind SQL Injection 0day ============================================================================================= Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom Vendor..: http://www.awbs.com Link....:...

7.4 AI score
Exploits 0

Exploit DB
added 2011/01/16 12:0 a.m. · 42 views

AWBS 2.9.2 - 'cart.php' Blind SQL Injection

AWBS 2.9.2 Blind SQL Injection 0day ============================================================================================= Dork....: inurl:/cart?ca=addother&oid= Date....: 01-16-2011 Author..: ShivX Contact.: shivanxatgmaildotcom Vendor..: http://www.awbs.com Link....:...

7.4 AI score
Exploits 0

NVD
added 2011/01/10 8:0 p.m. · 17 views

CVE-2010-4534

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

4 CVSS · 5.6 AI score · 0.00553 EPSS
Exploits 1 · References 18

Cvelist
added 2011/01/10 7:18 p.m. · 35 views

CVE-2010-4534

The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...

5.5 AI score · 0.00553 EPSS
Exploits 1 · References 18

Packet Storm
added 2010/12/25 12:0 a.m. · 145 views

Django Admin List Filter Data Extraction

ADVISORY INFORMATION: Advisory ID: NGENUITY-2010-009 Date discovered: 8.28.2010 Date published: 12.22.2010 SOFTWARE AFFECTED: “Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.” 1 The admin interface of the Django web framework can be abuse...

0.5 AI score
Exploits 0

Packet Storm
added 2010/12/20 12:0 a.m. · 13 views

Openfiler Cross Site Scripting

Good morning again! -- openfiler xss: https://192.168.0.2:446/admin/system.html?step=2&device=et%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3Ebh0...

0.5 AI score
Exploits 0

securityvulns
added 2010/12/14 12:0 a.m. · 127 views

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD

LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD 6.3-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86...

7.3 AI score
Exploits 0

exploitpack
added 2010/12/10 12:0 a.m. · 21 views

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Litespeed Web Server 4.0.17 with PHP FreeBSD - Remote Overflow LiteSpeed Web Server 4.0.17 w/ PHP Remote Exploit for FreeBSD bug discovered & exploited by Kingcope Dec 2010 Lame Xploit Tested with success on FreeBSD 8.0-RELEASE - LiteSpeed WebServer 4.0.17 Standard & Enterprise x86 FreeBSD...

0.1 AI score
Exploits 0

Zero Day Initiative
added 2010/10/27 12:0 a.m. · 32 views

Symantec IM Manager Administrative Interface DetailReportGroup.lgx Definition File SQL Injection Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdPageImlogic.aspx page which is exposed through an IIS extension on the defau...

10 CVSS · 7.5 AI score · 0.04622 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2010/08/17 12:0 a.m. · 9 views

CouchDB < 0.11.2 Futon Admin Interface Cross-Site Request Forgery


6.8 CVSS · 7.3 AI score · 0.00531 EPSS
Exploits 0 · References 2

exploitpack
added 2010/07/06 12:0 a.m. · 11 views

Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service

Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service Sun Java Web Sever 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across...

0.3 AI score
Exploits 0

seebug.org
added 2010/07/06 12:0 a.m. · 16 views

Sun Java Web Sever 7.0 u7 Admin Interface DoS

No description provided by source. Sun Java Web Sever 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across semi amusing DOS: root@bt: ...

7.1 AI score
Exploits 0

Packet Storm
added 2010/07/06 12:0 a.m. · 15 views

Sun Java Web Server 7.0 u7 Denial Of Service

Sun Java Web Sever 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across semi amusing DOS: root@bt: nc -nv 192.168.48.134 8800 UNKNOWN...

Exploits 0

Exploit DB
added 2010/07/06 12:0 a.m. · 26 views

Sun Java Web Server 7.0 u7 - Admin Interface Denial of Service

Sun Java Web Sever 7.0 u7 Admin Interface DOS Software Package sjsws-70u7-windows-i586.zip 4fb8d1fb700d5649234a2891a4ecedea While attempting to verify http://www.exploit-db.com/exploits/14194/ which was not verified, I stumbled across this semi amusing DOS: root@bt: nc -nv 192.168.48.134 8800...

7.4 AI score
Exploits 0

htbridge
added 2010/07/01 12:0 a.m. · 28 views

Multiple Vulnerabilities in Pixie

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Pixie which could be exploited to perform cross-site scripting, script insertions and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in Pixie The vulnerability exists due to input...

7.5 CVSS · 7.6 AI score · 0.00915 EPSS
Exploits 1 · Affected Software 1

Prion
added 2010/06/24 12:17 p.m. · 14 views

Cross site scripting

Cross-site scripting XSS vulnerability in adminloginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request...

4.3 CVSS · 6.1 AI score · 0.00747 EPSS
Exploits 1 · References 7 · Affected Software 1