
110 matches found

NVD
added 2010/08/25 8:0 p.m. · 9 views

CVE-2009-4980

Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where parameter to search.php and (2) qc parameter to admin.php...

4.3 CVSS · 5.8 AI score · 0.01042 EPSS
Exploits: 0 · References: 3
Prion
added 2010/01/06 10:0 p.m. · 12 views

Directory traversal

Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter...

6.8 CVSS · 7.7 AI score · 0.05236 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Prion
added 2009/07/07 7:30 p.m. · 18 views

Code injection

The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components...

9 CVSS · 7.2 AI score · 0.09255 EPSS
Exploits: 1 · References: 6 · Affected Software: 2
NVD
added 2007/12/20 12:46 a.m. · 13 views

CVE-2007-6458

SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php...

7.5 CVSS · 8.3 AI score · 0.02031 EPSS
Exploits: 1 · References: 3
Cvelist
added 2007/12/20 12:0 a.m. · 20 views

CVE-2007-6458

SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php...

8.3 AI score · 0.02031 EPSS
Exploits: 1 · References: 3
Prion
added 2007/04/18 10:19 a.m. · 10 views

Directory traversal

Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the adminskin parameter...

7.5 CVSS · 7.6 AI score · 0.0151 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2007/03/28 12:0 a.m. · 2 views

PT-2007-3098 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress version 2.1.2. Description: A cross-site scripting (XSS) issue exists, potentially allowing remote authenticated administrators to inject arbitrary web script or HTML. The issue is related to the demo parameter in the wp-admin/admin.ph...

3.5 CVSS · 5.7 AI score · 0.01539 EPSS
Exploits: 0 · References: 10
Prion
added 2006/03/19 11:6 a.m. · 12 views

Authentication flaw

admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie...

10 CVSS · 7.5 AI score · 0.03539 EPSS
Exploits: 1 · References: 8 · Affected Software: 1
exploitpack
added 2005/07/26 12:0 a.m. · 21 views

NETonE PHPBook 1.4.6 - Guestbook.php Cross-Site Scripting

NETonE PHPBook 1.4.6 - Guestbook.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14390/info NETonE PHPBook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input to the 'admin' parameter of the 'guestbook.php'...

6.8 AI score
Exploits: 0
Cvelist
added 2005/07/14 4:0 a.m. · 24 views

CVE-2001-1524

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload paramete...

5.8 AI score · 0.02013 EPSS
Exploits: 0 · References: 7