1593 matches found

Cvelist
added 2012/10/08 10:0 a.m., 17 views

CVE-2010-5064

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report fie...

5.6 AI score, 0.00225 EPSS
Exploits: 1, References: 2

Prion
added 2012/09/19 7:55 p.m., 10 views

SQL injection

SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information...

6.5 CVSS, 8.5 AI score, 0.0039 EPSS
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2012/09/19 7:0 p.m., 47 views

CVE-2012-4994

The CVE-2012-4994 entry concerns a SQL injection in LimeSurvey’s admin/admin.php. Affected software is LimeSurvey prior to 1.91+ Build 120224, where remote authenticated users can inject SQL commands via the id parameter in a browse action. The vulnerability arises from improper sanitization of u...

6.5 CVSS, 8.2 AI score, 0.0039 EPSS
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2012/08/27 11:55 p.m., 19 views

CVE-2012-4036

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged b...

6.8 CVSS, 7.3 AI score, 0.06734 EPSS
Exploits: 5, References: 7

NVD
added 2012/08/14 10:55 p.m., 12 views

CVE-2012-2209

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...

4.3 CVSS, 5.7 AI score, 0.061 EPSS
Exploits: 6, References: 9

Prion
added 2012/08/14 10:55 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languagesnew module, or (3) theme parameter in the theme modu...

4.3 CVSS, 6 AI score, 0.061 EPSS
Exploits: 6, References: 9, Affected Software: 1

CVE
added 2012/08/14 10:0 p.m., 46 views

CVE-2012-2209

CVE-2012-2209 affects Piwigo prior to 2.3.4, exposing multiple XSS vulnerabilities in admin.php via the section, installstatus, and theme parameters. The issue enables remote attackers to inject arbitrary HTML/script in an administrator session. Vendor patch: upgrade to Piwigo 2.3.4 (remediation)...

4.3 CVSS, 5.6 AI score, 0.061 EPSS
Exploits: 6, References: 9, Affected Software: 1

Packet Storm
added 2012/07/05 12:0 a.m., 19 views

Classifieds Ads Script PHP 1.1 SQL Injection

Title: Classified Ads Script PHP v1.1 - SQL Injection Vulnerabilities. Date: 2012-06-13. References: http://www.vulnerability-lab.com/getcontent.php?id=605. VL-ID: 605. Common Vulnerability Scoring System: 5.5. Introduction:...

1.1 AI score
Exploits: 0

Vulnerability Lab
added 2012/06/18 12:0 a.m., 10 views

Event Calendar PHP 1.2 - Multiple Web Vulnerabilities

Document Title: Event Calendar PHP 1.2 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=607. Release Date: 2012-06-18. Vulnerability Laboratory ID (VL-ID): 607...

0.4 AI score
Exploits: 0

exploitpack
added 2012/06/03 12:0 a.m., 13 views

AdaptCMS 2.0.2 TinyURL Plugin - admin.php Multiple SQL Injections

AdaptCMS 2.0.2 TinyURL Plugin - admin.php Multiple SQL Injections source: https://www.securityfocus.com/bid/53764/info AdaptCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues...

0.4 AI score
Exploits: 0

0day.today
added 2012/05/29 12:0 a.m., 40 views

PBBoard v2.1.4 (CSRF) Arbitrary File Upload and Command Execution (MSF

Exploit for php platform in category web applications...

7.1 AI score, 0.00164 EPSS
Exploits: 5

Prion
added 2012/05/21 6:55 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php...

4.3 CVSS, 6.2 AI score, 0.00502 EPSS
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2012/05/21 6:0 p.m., 37 views

CVE-2012-2912

CVE-2012-2912 concerns the WordPress plugin LeagueManager (v3.7). The issue is an XSS vulnerability exploitable through parameters in the admin flow: the show-league page’s group parameter and the team page’s season parameter passed to wp-admin/admin.php. Exploitation could allow remote attackers...

4.3 CVSS, 6 AI score, 0.00153 EPSS
Exploits: 1, References: 3, Affected Software: 1

exploitpack
added 2012/05/15 12:0 a.m., 18 views

WordPress Plugin CataBlog 1.6 - admin.php Cross-Site Scripting

WordPress Plugin CataBlog 1.6 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53520/info CataBlog plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

0.1 AI score
Exploits: 0

Packet Storm
added 2012/04/23 12:0 a.m., 20 views

ChurchCMS 0.0.1 SQL Injection

Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi Date: 04/21/12 Author: G13 Twitter: @g13net Software Link: http://sourceforge.net/projects/churchcms/?source=directory Version: 0.0.1 Category: webapps php Description ChurchCMS is the software to place on your church's website that is easi...

7.4 AI score
Exploits: 0

0day.today
added 2012/04/23 12:0 a.m., 23 views

ChurchCMS 0.0.1 SQL Injection

Exploit for php platform in category web applications Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi Author: G13 Twitter: @g13net Software Link: http://sourceforge.net/projects/churchcms/?source=directory Version: 0.0.1 Category: webapps php Description ChurchCMS is the software to plac...

7.1 AI score
Exploits: 0

0day.today
added 2012/03/26 12:0 a.m., 11 views

Invoice Manager CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Invoice Manager CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/invoice-manager-by-stivasoft/31738/ Category:: webapps Demo : http://www.phpjabbers.com/demo/im15/admin.php Greetz: Inj3ct0r Explo...

7.1 AI score
Exploits: 0

NVD
added 2012/02/21 1:31 p.m., 16 views

CVE-2012-0995

Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATHINTO to an unspecified URL, as demonstrated using /1/, (3) PATHINFO to zp-core/admin.php, or (4)...

4.3 CVSS, 5.7 AI score, 0.00545 EPSS
Exploits: 2, References: 8

Prion
added 2012/02/21 1:31 p.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATHINTO to an unspecified URL, as demonstrated using /1/, (3) PATHINFO to zp-core/admin.php, or (4)...

4.3 CVSS, 6 AI score, 0.00545 EPSS
Exploits: 2, References: 8, Affected Software: 1

Prion
added 2012/02/21 1:31 p.m., 13 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a...

6.8 CVSS, 7.7 AI score, 0.00132 EPSS
Exploits: 1, References: 3, Affected Software: 1