Lucene search

1599 matches found

Prion
added 2011/06/21 2:52 a.m., 12 views

Sql injection

SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter...

CVSS 7.5, AI score 9, EPSS 0.01154
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2011/06/21 1:0 a.m., 62 views

CVE-2011-1480

CVE-2011-1480 affects PHP-Nuke (admin.php) in the admin backend of PHP-Nuke 8.0 and earlier. The vulnerability is an SQL injection via the chng_uid parameter, allowing remote attackers to execute arbitrary SQL commands. The available connected documents confirm the affected software/version range...

CVSS 7.5, AI score 8.7, EPSS 0.01154
Exploits: 1, References: 3, Affected Software: 1

Exploit DB
added 2011/05/19 12:0 a.m., 28 views

LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47931/info LimeSurvey is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...

AI score 7.4
Exploits: 0

0day.today
added 2011/04/27 12:0 a.m., 45 views

Quick CMS v3.0 Cross Site Request Forgery (Add Admin User)

Exploit for php platform in category web applications + Exploit Title: Quick CMS v3.0 Cross Site Request Forgery Add Admin User + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"Quick.Cms v3.0" inurl:admin.php + Demo CMS Link:...

AI score 7.1
Exploits: 0

Packet Storm
added 2011/04/10 12:0 a.m., 33 views

NooMS CMS 1.1.1 Cross Site Request Forgery

NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd try to see how fast it would take me ...

AI score 0.9
Exploits: 0

Packet Storm
added 2011/04/07 12:0 a.m., 34 views

Viscacha 0.8.1 XSS / SQL Injection / Path Disclosure

================================== Vulnerability ID: HTB22921 Reference: http://www.htbridge.ch/advisory/sqlinjectioninviscacha.html Product: Viscacha Vendor: MaMo Net http://www.viscacha.org Vulnerable Version: 0.8.1 Vendor Notification: 24 March 2011 Vulnerability Type: SQL Injection Risk level...

AI score 0.8
Exploits: 0

Packet Storm
added 2011/03/29 12:0 a.m., 31 views

WESPA PHP Newsletter 3.0 Administrator Password Change

"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com...

Exploits: 0

htbridge
added 2011/03/22 12:0 a.m., 22 views

Multiple Vulnerabilities in Eleanor CMS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in Eleanor CMS which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in Eleanor CMS The vulnerability exists due to input sanitation error in the...

CVSS 7.5, AI score 7.3
Exploits: 0, Affected Software: 1

htbridge
added 2011/03/22 12:0 a.m., 28 views

Multiple Vulnerabilities in UseBB

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in UseBB which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerabilities in UseBB 1.1 The vulnerability exists due to insufficient validation of the request...

CVSS 7.1, AI score 7.5
Exploits: 0, Affected Software: 1

OpenVAS
added 2011/02/08 12:0 a.m., 18 views

N-13 News Cross-Site Request Forgery Vulnerability

This host is running N-13 News and is prone to Cross-Site Request Forgery vulnerability. OpenVAS Vulnerability Test $Id: gbn13newscsrfvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ N-13 News Cross-Site Request Forgery Vulnerability Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks...

CVSS 4.3, AI score 0.5, EPSS 0.00863
Exploits: 1, References: 3

NVD
added 2011/01/25 7:0 p.m., 16 views

CVE-2011-0641

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is...

CVSS 4.3, AI score 5.8, EPSS 0.0183
Exploits: 0, References: 4

Cvelist
added 2011/01/25 6:0 p.m., 18 views

CVE-2011-0641

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is...

AI score 5.8, EPSS 0.0183
Exploits: 0, References: 4

Patchstack
added 2011/01/25 12:0 a.m., 14 views

WordPress StatPressCN Plugin <= 1.9.0 - Multiple XSS

Because of these vulnerabilities in wp-admin/admin.php, the attackers can inject arbitrary web script or HTML. Solution Update the plugin...

CVSS 4.3, AI score 1.9, EPSS 0.0183
Exploits: 0, References: 1, Affected Software: 1

myhack58
added 2011/01/20 12:0 a.m., 39 views

N-13 News 3.4 remote admin add CSRF vulnerability

EXP: the html head titleRemote Admin Add CSRF Exploit/title /head H2Remote Admin Add CSRF Exploit by qing-Edit/H2 formmethod="POST"name="form0"action="http://localhost/news/admin.php?action=options&mod=accounts&create=new" inputtype="hidden"name="accountname"value="admin" /...

AI score 0.7
Exploits: 0

NVD
added 2010/12/29 10:33 p.m., 24 views

CVE-2010-4613

Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php...

CVSS 7.5, AI score 7.2, EPSS 0.06051
Exploits: 2, References: 3

Cvelist
added 2010/12/29 7:0 p.m., 31 views

CVE-2010-4613

Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the site parameter to (1) index.php and (2) admin.php...

AI score 7.2, EPSS 0.06051
Exploits: 2, References: 3

NVD
added 2010/12/22 3:0 a.m., 29 views

CVE-2010-4275

Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php...

CVSS 3.5, AI score 5.4, EPSS 0.01272
Exploits: 4, References: 4

Prion
added 2010/12/22 3:0 a.m., 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php...

CVSS 3.5, AI score 5.7, EPSS 0.01272
Exploits: 4, References: 4, Affected Software: 1

CVE
added 2010/12/22 1:0 a.m., 48 views

CVE-2010-4275

Radius Manager 3.8.0 is affected by multiple stored XSS vulnerabilities. The issue arises in the admin.php actions update_usergroup and store_nas, where unsanitized inputs for name/descr can inject arbitrary script/HTML. Exploitation requires an authenticated administrator; impact is limited to t...

CVSS 3.5, AI score 5.4, EPSS 0.01272
Exploits: 4, References: 4, Affected Software: 1

Packet Storm
added 2010/12/09 12:0 a.m., 21 views

CMScout 2.09 Cross Site Request Forgery

Vulnerability ID: HTB22719 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincmscout.html Product: CMScout Vendor: CMScout Team http://www.cmscout.co.za/ Vulnerable Version: 2.09 and probably prior versions Vendor Notification: 25 November 2010 Vulnerability Type: CSRF Cross-Site Request Forge...

AI score 0.4
Exploits: 0