1593 matches found

Exploit DB
added 2008/04/10 12:0 a.m. · 33 views

RX Maxsoft - 'fotoID' SQL Injection

Provozováno na RS MAXSOFT SQL-Injection PAGE:http://redakcni-system.maxsoft.cz/ AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : "RS MAXSOFT" DORK 2 : "Provozováno na RS MAXSOFT" you will se...

7.4 AI score
Exploits: 0

exploitpack
added 2008/04/08 12:0 a.m. · 16 views

LokiCMS 0.3.3 - Remote Command Execution

LokiCMS 0.3.3 - Remote Command Execution Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS = 0.3.3 Remo...

0.4 AI score
Exploits: 0

0day.today
added 2008/04/08 12:0 a.m. · 14 views

LokiCMS <= 0.3.3 Remote Command Execution Exploit

Exploit for unknown platform in category web applications. LokiCMS <= 0.3.3 Remote Command Execution Exploit. Author: GiReX Date: 8/04/08 CMS: LokiCMS <= 0.3.3 Site: lokicms.com Bug: PHP Code Injection...

7.1 AI score
Exploits: 0

Exploit DB
added 2008/04/08 12:0 a.m. · 39 views

LokiCMS 0.3.3 - Remote Command Execution

Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS...

7.4 AI score
Exploits: 0

exploitpack
added 2008/04/03 12:0 a.m. · 22 views

mcGallery 1.1 - admin.php?lang Cross-Site Scripting

mcGallery 1.1 - admin.php?lang Cross-Site Scripting source: https://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

6.8 AI score
Exploits: 0

Prion
added 2008/03/25 11:44 p.m. · 7 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/classadmin.php and (2) classes/classcomments.php. NOTE: the provenance of this information is unknown; the details are...

7.5 CVSS · 8 AI score · 0.02911 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2008/03/25 12:0 a.m. · 2 views

PT-2008-3075 · Oocomments · Oocomments

Name of the Vulnerable Software and Affected Versions: ooComments version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for classes/class admin.php and classes/class comments.php, such as the API endpoint "/classes/class...

9.8 CVSS · 8 AI score · 0.02911 EPSS
Exploits: 1 · References: 6

Prion
added 2008/03/10 5:44 p.m. · 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

4.3 CVSS · 6.1 AI score · 0.00412 EPSS
Exploits: 1 · References: 2

NVD
added 2008/03/10 5:44 p.m. · 5 views

CVE-2008-1228

Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

4.3 CVSS · 5.7 AI score · 0.00412 EPSS
Exploits: 1 · References: 2

CVE
added 2008/03/10 5:0 p.m. · 31 views

CVE-2008-1228

CVE-2008-1228 is a cross-site scripting (XSS) flaw in MG2 (formerly Minigal) that affects the admin.php interface. The vulnerability is triggered by the list parameter during an import action, allowing remote attackers to inject arbitrary web script or HTML. Documents consistently describe this a...

4.3 CVSS · 5.7 AI score · 0.00412 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2008/03/10 5:0 p.m. · 10 views

CVE-2008-1228

Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

5.7 AI score · 0.00412 EPSS
Exploits: 1 · References: 2

NVD
added 2008/02/13 1:0 a.m. · 7 views

CVE-2008-0734

SQL injection vulnerability in classauth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php...

7.5 CVSS · 8.4 AI score · 0.00462 EPSS
Exploits: 0 · References: 3

Prion
added 2008/02/13 1:0 a.m. · 11 views

Sql injection

SQL injection vulnerability in classauth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php...

7.5 CVSS · 9.2 AI score · 0.00462 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2008/01/22 8:0 p.m. · 8 views

CVE-2008-0377

MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php...

10 CVSS · 7.2 AI score · 0.0086 EPSS
Exploits: 0 · References: 4

NVD
added 2008/01/18 10:0 p.m. · 6 views

CVE-2008-0359

Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to (1) admin.php or (2) index.php in photo/...

4.3 CVSS · 5.8 AI score · 0.07399 EPSS
Exploits: 1 · References: 6

Prion
added 2008/01/18 10:0 p.m. · 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to (1) admin.php or (2) index.php in photo/...

4.3 CVSS · 6.1 AI score · 0.07399 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Prion
added 2008/01/15 8:0 p.m. · 11 views

Sql injection

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password...

7.5 CVSS · 9 AI score · 0.01816 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

NVD
added 2008/01/15 8:0 p.m. · 10 views

CVE-2008-0266

Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection...

2.6 CVSS · 8 AI score · 0.00428 EPSS
Exploits: 1 · References: 5

NVD
added 2008/01/15 8:0 p.m. · 8 views

CVE-2008-0267

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password...

7.5 CVSS · 8.2 AI score · 0.01816 EPSS
Exploits: 1 · References: 6

Prion
added 2008/01/15 8:0 p.m. · 10 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection...

2.6 CVSS · 8.8 AI score · 0.00428 EPSS
Exploits: 1 · References: 5 · Affected Software: 1