ChurchCMS 0.0.1 SQL Injection
Exploit for php platform in category web applications Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi Author: G13 Twitter: @g13net Software Link: http://sourceforge.net/projects/churchcms/?source=directory Version: 0.0.1 Category: webapps php Description ChurchCMS is the software to plac...
ChurchCMS 0.0.1 SQL Injection
Exploit Title: ChurchCMS 0.0.1 'admin.php' Multiple SQLi Date: 04/21/12 Author: G13 Twitter: @g13net Software Link: http://sourceforge.net/projects/churchcms/?source=directory Version: 0.0.1 Category: webapps php Description ChurchCMS is the software to place on your church's website that is easi...
Invoice Manager CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Invoice Manager CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/invoice-manager-by-stivasoft/31738/ Category: webapps Demo: http://www.phpjabbers.com/demo/im15/admin.php Greetz: Inj3ct0r Explo...
CVE-2012-0995
Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INFO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4)...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INFO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4)...
CVE-2012-1227
The CVE-2012-1227 entry describes CSRF vulnerabilities in pluck 4.7 (admin.php) that could allow an attacker to hijack admin sessions by performing actions such as (1) changing the admin email address, (2) changing the blog title via a settings action, (3) adding a page via editpage, or (4) addin...
CVE-2012-1216
PBBoard 2.1.4 and likely earlier versions have multiple vulnerabilities tied to CVE-2012-1216: a CSRF flaw in admin.php that can hijack administrator sessions to perform actions (e.g., file upload via add action or file content modification via edit action), and it is linked to other issues (CVE-...
Xoops 2.5.4 - Blind SQL Injection
Xoops 2.5.4 Blind SQL Injection Dork: "Powered by XOOPS 2.5.4" Download: http://sourceforge.net/projects/xoops/ Date: 10/12/2011 Author: blkhtc0rp Mail: blkhtc0rpatyahoodotcom Tested on: Freebsd 8 and Debian...
CVE-2011-4561
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information...
CVE-2011-4561
Phorum 5.2.18 is vulnerable to a cross-site scripting (XSS) flaw in admin.php, exploitable by remote attackers via PATH_INFO to admin/index.php. The issue affects Phorum’s admin interface and can allow injection of arbitrary web script or HTML. Multiple sources (NVD/OpenVAS) confirm the vulnerabi...
CVE-2010-5046
Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter...
CVE-2010-5046
CVE-2010-5046 is a cross-site scripting (XSS) flaw in ecoCMS: the admin.php script, vulnerable via the p parameter, allows remote attackers to inject arbitrary script/HTML. The vulnerability affects the ecoCMS admin page and can be triggered by crafting requests to admin.php?p=…; exploitation details ...
Multiple vulnerabilities in Efront
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Efront, which can be exploited to perform SQL injection and cross-site scripting attacks. 1 Cross-site scripting (XSS) vulnerabilities in Efront 1.1 Input passed via the "course" GET parameter to index.php is not...
WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Super CAPTCHA plugin <= 2.2.4 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/super-capcha.2.2.4.zip Version: 2.2.4 tested...
Online Grades Project Team 3.2.5 Cross Site Scripting
Online Grades 3.2.5 Multiple XSS Vulnerabilities Vendor: Online Grades Project Team Product web page: http://www.onlinegrades.org Affected version: 3.2.5 Summary: Online Grades is the leading free-software project that allows K-12+ student grades attendance information to be posted onto a dynamic...
CVE-2011-1480
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chnguid parameter...