CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1593 matches found

Packet Storm•added 2007/05/04 12:0 a.m.•17 views

sb-sql.txt

Remote Login Bypass SQL Injection Vulnerability admin.php AYYILDIZ.ORG Presents. SchoolBoard http://free-php-scripts.net/download.php?id=120 author : iLker Kandemir mynet.com Tnx : h0tturk,ekin0x,Dr.Max Virus,Gencnesil,Gencturk,Ajann Vulnerable; /admin.php...

7.4AI score

Exploits0

securityvulns•added 2007/05/03 12:0 a.m.•76 views

SchoolBoard (admin.php) Remote Login Bypass SQL Injection Vulnerability

Remote Login Bypass SQL Injection Vulnerability admin.php AYYILDIZ.ORG Presents. SchoolBoard http://free-php-scripts.net/download.php?id=120 author : iLker Kandemir ilkerkandemir at mynet.com Tnx : h0tturk,ekin0x,Dr.Max Virus,Gencnesil,Gencturk,Ajann Vulnerable; /admin.php...

0.8AI score

Exploits0

Cvelist•added 2007/04/27 4:0 p.m.•15 views

CVE-2007-2339

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via 1 a modified recipients parameter name in a pm.php; 2 the curr parameter to the b badwords aka censorlist or c banlist module in admin.php; or 3 the "Edit groups / Add group...

8.5AI score0.04811EPSS

Exploits1References12

NVD•added 2007/04/25 4:19 p.m.•12 views

CVE-2007-2248

Multiple cross-site scripting XSS vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the 1 groupid parameter in the groups module or 2 the smileyid parameter in the smileys modsettings module...

4.3CVSS5.8AI score0.07763EPSS

Exploits1References9

Prion•added 2007/04/25 4:19 p.m.•14 views

Cross site scripting

4.3CVSS6.1AI score0.07763EPSS

Exploits1References9Affected Software1

Prion•added 2007/04/25 4:19 p.m.•9 views

Design/Logic Flaw

admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module parameter...

5CVSS7.1AI score0.07419EPSS

Exploits1References9Affected Software1

CVE•added 2007/04/25 4:0 p.m.•47 views

CVE-2007-2248

CVE-2007-2248 involves Phorum, specifically XSS in admin.php prior to 5.1.22. The vulnerabilities affect the group_id parameter in the groups module and the smiley_id parameter in the smileys modsettings module, enabling remote attackers to inject arbitrary web script or HTML. The connected docum...

4.3CVSS5.8AI score0.07763EPSS

Exploits1References9Affected Software1

Cvelist•added 2007/04/25 4:0 p.m.•16 views

CVE-2007-2250

admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module parameter...

6.6AI score0.07419EPSS

Exploits1References9

Exploit DB•added 2007/04/23 12:0 a.m.•18 views

Phorum 5.1.20 - 'admin.php' badwords/banlist Module SQL Injection

source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...

7.4AI score

Exploits0

exploitpack•added 2007/04/23 12:0 a.m.•11 views

Phorum 5.1.20 - admin.php badwordsbanlist Module SQL Injection

Phorum 5.1.20 - admin.php badwordsbanlist Module SQL Injection source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site...

Exploits0

Prion•added 2007/04/12 7:19 p.m.•13 views

Sql injection

Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 pseudo or 2 passe parameter...

7.5CVSS8.9AI score0.01217EPSS

Exploits0References5Affected Software1

Prion•added 2007/04/12 7:19 p.m.•11 views

Authentication flaw

admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the isadmin parameter to 1...

7.5CVSS7.5AI score0.03434EPSS

Exploits0References3Affected Software1

NVD•added 2007/04/12 7:19 p.m.•12 views

CVE-2007-2007

admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the isadmin parameter to 1...

7.5CVSS6.9AI score0.03434EPSS

Exploits0References3

Prion•added 2007/04/12 7:19 p.m.•23 views

Directory traversal

Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang parameter...

7.5CVSS7.6AI score0.06244EPSS

Exploits0References3Affected Software1

CVE•added 2007/04/12 7:0 p.m.•38 views

CVE-2007-2007

CVE-2007-2007 affects admin.php in pL-PHP beta 0.9. The vulnerability allows remote attackers to bypass authentication by setting the is_admin parameter to 1, enabling unauthorized access. The NVD entry assigns a CVSS v2 base score of 7.5 (HIGH) with Network attack vector, Low attack complexity, ...

7.5CVSS6.9AI score0.03434EPSS

Exploits0References3Affected Software1

Cvelist•added 2007/04/12 7:0 p.m.•16 views

CVE-2007-2007

admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the isadmin parameter to 1...

6.9AI score0.03434EPSS

Exploits0References3

CVE•added 2007/04/12 7:0 p.m.•57 views

CVE-2007-2000

CVE-2007-2000 affects Crea-Book 1.0 and earlier. The vulnerability is multiple SQL injection flaws in admin/admin.php, exploitable via the (1) pseudo or (2) passe parameter, allowing remote attackers to run arbitrary SQL commands. The description in the connected documents confirms this vector an...

7.5CVSS8.5AI score0.01217EPSS

Exploits0References5Affected Software1

Cvelist•added 2007/04/12 7:0 p.m.•21 views

CVE-2007-2008

Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the lang parameter...

7.1AI score0.06244EPSS

Exploits0References3

CVE•added 2007/04/12 7:0 p.m.•46 views

CVE-2007-2008

CVE-2007-2008 is a directory traversal vulnerability in pL-PHP beta 0.9 (admin.php) allowing remote attackers to include and execute arbitrary local files via a .. in the lang parameter. The NVD entry confirms the vulnerability and impact (partial confidentiality, integrity, and availability affe...

7.5CVSS7.1AI score0.06244EPSS

Exploits0References3Affected Software1

Packet Storm•added 2007/04/02 12:0 a.m.•24 views

slaed-rfi.txt

By Hasadya Raed Contact : [email protected] Israel ----------------------------------------------- Script : SLAEDCMS2 Dork : "Web site engine code is Copyright © 2006 by SLAED CMS. All rights reserved" ----------------------------------------------- B.Files : admin.php index.php...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by