Lucene search

1593 matches found

Prion
added 2009/08/12 10:30 a.m., 5 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php...

CVSS 4.3, AI score 6.1, EPSS 0.03845
Exploits 0, References 4, Affected Software 1
Prion
added 2009/08/12 10:30 a.m., 7 views

Code injection

Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from...

CVSS 6.5, AI score 7.4, EPSS 0.01313
Exploits 0, References 4, Affected Software 1
CVE
added 2009/08/12 10:0 a.m., 36 views

CVE-2008-6946

CVE-2008-6946 describes a cross-site scripting (XSS) vulnerability in Collabtive 0.4.8. The issue affects manageproject.php where the project name is not properly sanitized during an admin editform action, enabling user-assisted remote attackers to inject arbitrary web script or HTML. The core de...

CVSS 4.3, AI score 5.8, EPSS 0.03845
Exploits 0, References 4, Affected Software 1
CVE
added 2009/08/12 10:0 a.m., 39 views

CVE-2008-6947

CVE-2008-6947 affects Collabtive 0.4.8. The vulnerability allows remote attackers to bypass authentication and create new users (including administrators) through an unspecified vector related to the added mode in a users action to admin.php. The connected sources (NVD, CVE listings, and related ...

CVSS 7.5, AI score 7.1, EPSS 0.02762
Exploits 0, References 4, Affected Software 1
Prion
added 2009/08/11 10:30 a.m., 11 views

SQL injection

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

CVSS 6.8, AI score 9.1, EPSS 0.00344
Exploits 0, References 5, Affected Software 1
Cvelist
added 2009/08/11 10:0 a.m., 15 views

CVE-2009-2735

SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...

AI score 8.3, EPSS 0.00344
Exploits 0, References 5
CVE
added 2009/08/11 10:0 a.m., 44 views

CVE-2009-2735

The CVE-2009-2735 entry describes an SQL injection in sun-jester OpenNews 1.0, via admin.php when magic_quotes_gpc is disabled. The vulnerability affects the username parameter, enabling remote attackers to execute arbitrary SQL commands. This is documented in NVD and mirrored in multiple referen...

CVSS 6.8, AI score 8.7, EPSS 0.00344
Exploits 0, References 5, Affected Software 1
Cvelist
added 2009/08/07 6:33 p.m., 12 views

CVE-2008-6917

SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username user parameter...

AI score 8.3, EPSS 0.00355
Exploits 1, References 5
Prion
added 2009/07/28 7:30 p.m., 6 views

SQL injection

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action...

CVSS 7.5, AI score 9, EPSS 0.00233
Exploits 0, References 1, Affected Software 1
NVD
added 2009/07/28 7:30 p.m., 10 views

CVE-2009-2639

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action...

CVSS 7.5, AI score 8.3, EPSS 0.00233
Exploits 0, References 1
Cvelist
added 2009/07/28 7:6 p.m., 11 views

CVE-2009-2639

SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action...

AI score 8.3, EPSS 0.00233
Exploits 0, References 1
CVE
added 2009/07/28 7:6 p.m., 39 views

CVE-2009-2639

CVE-2009-2639 affects MRCGIGUY The Ticket System 2.0 (admin.php), where the viewticket action is vulnerable to SQL injection via the id parameter. The root cause is unsafely concatenated SQL in the vulnerable endpoint, enabling remote arbitrary SQL execution. Consequences described are arbitrary SQL comm...

CVSS 7.5, AI score 8.6, EPSS 0.00233
Exploits 0, References 1, Affected Software 1
seebug.org
added 2009/07/20 12:0 a.m., 12 views

MCshoutbox 1.1 (SQL/XSS/Shell) Multiple Remote Vulnerabilities

No description provided by source. + MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org Homepage : http://www.maniacomputer.com/dload/MCshoutboxDownloadPage.html + SQL Injection Login Bypass - Note : magic_quotes_gpc =...

AI score 7.1
Exploits 0
0day.today
added 2009/07/20 12:0 a.m., 13 views

MCshoutbox 1.1 (SQL/XSS/Shell) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote Vulnerabilities + MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote...

AI score 7.1
Exploits 0
Exploit DB
added 2009/07/20 12:0 a.m., 32 views

mcshoutbox 1.1 - SQL Injection / Cross-Site Scripting / shell

MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org Homepage : http://www.maniacomputer.com/dload/MCshoutboxDownloadPage.html + SQL Injection Login Bypass - Note : magic_quotes_gpc = off - Vulnerable code in...

AI score 7
Exploits 0
Patchstack
added 2009/07/10 12:0 a.m., 31 views

WordPress - Privileges Unchecked in admin.php and Multiple Information

This WordPress vulnerability was found in the way that WordPress handles some URL requests. It results in unprivileged users viewing the content of plugin configuration pages and, in some plugins, modifying plugin options and injecting JavaScript code. The code is arbitrary and it may be run by a malicio...

CVSS 4.9, AI score 1.6, EPSS 0.12303
Exploits 8, References 1, Affected Software 1
seebug.org
added 2009/07/10 12:0 a.m., 48 views

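WordPress wp-admin/admin.php module incorrect permission check vulnerability

BUGTRAQ ID: 35584 CVE(CAN) ID: CVE-2009-2334 WordPress is a free forum/blog system. WordPress lacks permission checks for plugin configuration PHP modules that use the page parameter; if an unprivileged user replaces options-general.php or plugins.php with admin.php in the request, they can view the content of plugin configuration pages without authorization, or modify certain plugin options and inject JavaScript code. WordPress WordPress 2.8 WordPress WordPress MU 2.7.1 WordPress ---------...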

CVSS 4.9, AI score 6.2, EPSS 0.12303
Exploits 8
exploitpack
added 2009/07/10 12:0 a.m., 70 views

WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures

WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ WordPress Privileges Unchecked in admin.php and Multiple Information...

CVSS 5, AI score 0.6, EPSS 0.85338
Exploits 18
NVD
added 2009/07/08 3:30 p.m., 7 views

CVE-2009-2382

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN...

CVSS 9.8, AI score 9.8, EPSS 0.03352
Exploits 1, References 4
Packet Storm
added 2009/07/08 12:0 a.m., 25 views

Rapidsendit Clone 2.1 Insecure Cookie

Rapidsendit Clone 2.1 Insecure Cookie Handling Vulnerability. Software: Rapidsendit Clone version 2.1. Vendor: http://www.rapidsendit.com/ Demo: http://www.rapidsendit.com/script/demo.html Author: NoGe...

Exploits 0