Lucene search
K

1577 matches found

seebug.org
seebug.org
added 2007/07/07 12:0 a.m.22 views

phpVID 0.9.9 (categories_type.php cat) SQL Injection Vulnerability

No description provided by source. --==+================================================================================+==-- --==+ phpVID SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE:...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/07/06 12:0 a.m.13 views

PHPVID 0.9.9 - categories_type.php SQL Injection

PHPVID 0.9.9 - categoriestype.php SQL Injection --==+================================================================================+==-- --==+ phpVID SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz &...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2007/07/06 12:0 a.m.53 views

PHPVID 0.9.9 - 'categories_type.php' SQL Injection

--==+================================================================================+==-- --==+ phpVID SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: http://www.vastal.com/ DORK:...

7.4AI score
Exploits0
Prion
Prion
added 2007/04/24 5:19 p.m.12 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supadbpath parameter to 1 commonfunctions.php, 2 adminauthcookies.php, 3 adminmods.php, 4 adminnews.php, 5 admintopics.php, 6 adminusers.php, 7...

6.8CVSS8.2AI score0.07034EPSS
Exploits0References15Affected Software1
NVD
NVD
added 2007/04/18 3:19 a.m.23 views

CVE-2007-2082

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this...

6.5CVSS6.9AI score0.01152EPSS
Exploits0References4
NVD
NVD
added 2007/01/18 2:28 a.m.17 views

CVE-2007-0345

The 1 Activity Monitor.app/Contents/Resources/pmTool, 2 Keychain Access.app/Contents/Resources/kcproxy, and 3 ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions writable by admin group, which allows local admin...

6.8CVSS6.6AI score0.00412EPSS
Exploits1References6
CVE
CVE
added 2007/01/18 2:0 a.m.52 views

CVE-2007-0345

The CVE-2007-0345 description is supported by connected records: on Mac OS X 10.4.8, three utilities located in /Applications/Utilities (Activity Monitor.app/Contents/Resources/pmTool, Keychain Access.app/Contents/Resources/kcproxy, and ODBC Administrator.app/Contents/Resources/iodbcadmintool) ha...

6.8CVSS6.6AI score0.00412EPSS
Exploits1References6Affected Software1
0day.today
0day.today
added 2007/01/09 12:0 a.m.28 views

MOTIONBORG Web Real Estate <= 2.1 SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================= MOTIONBORG Web Real Estate $1,475.00 ajann SQL Injector Beta= Script Tables & Columns -dtproperties- id objectid property value uvalue lvalue version -Events- EventId EventDay...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2006/09/13 11:7 p.m.25 views

CVE-2006-4758

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/adminboard.php with an avatarpath parameter ending in .php%00...

4.6CVSS6AI score0.01584EPSS
Exploits1References1
exploitpack
exploitpack
added 2006/05/23 12:0 a.m.15 views

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS'...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2006/05/23 12:0 a.m.35 views

phpCommunityCalendar 4.0.3 - Cross-Site Scripting / SQL Injection

author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS' http://SERVER/PATH/event.php?AddressLink="alert'XSS'" SQL...

7.4AI score
Exploits0
OSV
OSV
added 2006/05/19 12:0 a.m.28 views

DSA-1066-1 phpbb2 - missing input sanitising

Bulletin has no description...

6CVSS6.2AI score0.01278EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2006/02/06 10:2 p.m.43 views

CVE-2006-0438

Cross-site request forgery CSRF vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to 1 admin/adminusers.php and 2...

5CVSS6AI score0.02485EPSS
Exploits2References1
CVE
CVE
added 2005/08/07 4:0 a.m.47 views

CVE-2005-2489

The CVE concerns Web Content Management News System. The vulnerability originates from a direct request to Admin/Users/AddModifyInput.php that lets remote attackers create arbitrary user accounts and gain privileges. This implies a bypass of normal authorization checks and potential privilege esc...

7.5CVSS7.3AI score0.01901EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2005/08/07 4:0 a.m.20 views

CVE-2005-2489

Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php...

7AI score0.01901EPSS
Exploits1References6
exploitpack
exploitpack
added 2003/08/15 12:0 a.m.14 views

Poster 2.0 - Unauthorized Privileged User Access

Poster 2.0 - Unauthorized Privileged User Access source: https://www.securityfocus.com/bid/8426/info A vulnerability has been reported for Poster.version:two. The problem occurs due to the application failing to lock the 'setup' variable after initialization. As a result, an attacker may access...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2001/02/08 12:0 a.m.46 views

Security Bulletin MS01-008

--------------------------------------------------------------------- Title: NTLMSSP Privilege Elevation Vulnerability Date: 07 February 2001 Software: Windows NT 4.0 Impact: Privilege Elevation Bulletin: MS01-008 Microsoft encourages customers to review the Security Bulletin at:...

1.5AI score
Exploits0
Rows per page
Query Builder