
1599 matches found

exploitpack
added 2010/11/29 12:0 a.m., 19 views

Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities

Diferior 8.03 - Multiple Cross-Site Scripting Vulnerabilities Vulnerability ID: HTB22721 Reference: http://www.htbridge.ch/advisory/storedxsscrosssitescriptingvulnerabilityindiferior.html Product: Diferior Vendor: Povilas Musteikis http://www.diferior.com/ Vulnerable Version: 8.03 and probably...

AI score: 7
Exploits: 0

Exploit DB
added 2010/10/25 12:0 a.m., 20 views

Jamb - Cross-Site Request Forgery (Add a Post)

#!/usr/bin/python ...

AI score: 7.4
Exploits: 0

myhack58
added 2010/10/05 12:0 a.m., 13 views

nileweb School CMS injection vulnerability and fix - vulnerability warning - the black bar safety net

The index.php script of the nileweb School CMS does not strictly filter its parameters, which results in an injection vulnerability. Batch google. cn inurl:index. php? action= http://localhost/index.php?action=cms/showpaget&pageid=-21+/! uniOn/+select+1,convertgrOupcOncatusername,0x3a,password using...

AI score: 0.4
Exploits: 0

0day.today
added 2010/10/04 12:0 a.m., 5095 views

Jax Guestbook admin bypass vulnerability

Exploit for php platform in category web applications. Jax Guestbook admin bypass vulnerability. Exploit Title: Jax Guestbook admin bypass vulnerability Date: 3.10.2010 Author: EraGoN Software...

AI score: 7.1
Exploits: 0

Prion
added 2010/09/24 9:0 p.m., 11 views

Sql injection

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php...

CVSS: 7.5, AI score: 9.4, EPSS: 0.00986
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2010/09/24 7:44 p.m., 19 views

CVE-2010-3608

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php...

AI score: 8.7, EPSS: 0.00986
Exploits: 1, References: 3

Cvelist
added 2010/08/25 7:0 p.m., 12 views

CVE-2009-4980

Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where parameter to search.php and (2) qc parameter to admin.php...

AI score: 5.8, EPSS: 0.01022
Exploits: 0, References: 3

Cvelist
added 2010/07/01 9:0 p.m., 19 views

CVE-2010-2614

SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an editpage action...

AI score: 8.4, EPSS: 0.01125
Exploits: 1, References: 3

CVE
added 2010/07/01 9:0 p.m., 44 views

CVE-2010-2615

Grafik CMS 1.1.2 (admin/admin.php) contains Cross-Site Scripting (XSS) flaws that allow injection of arbitrary HTML/JS via the page_menu (settings) and description (edit_page) parameters. The vulnerability arises from input sanitization errors in /admin/admin.php. Exploitation requires the attack...

CVSS: 4.3, AI score: 6, EPSS: 0.01452
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2010/07/01 9:0 p.m., 48 views

CVE-2010-2614

Grafik CMS 1.1.2 (admin/admin.php) is affected by an SQL injection via the id parameter in the edit_page action. All connected sources consistently describe this vulnerability and its impact as arbitrary SQL execution by remote attackers; details on vulnerable versions beyond 1.1.2 are not explic...

CVSS: 7.5, AI score: 8.8, EPSS: 0.01125
Exploits: 1, References: 3, Affected Software: 1

exploitpack
added 2010/06/29 12:0 a.m., 16 views

Grafik CMS - admin.php SQL Injection Cross-Site Scripting

Grafik CMS - admin.php SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/41227/info Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...

AI score: 0.4
Exploits: 0

Exploit DB
added 2010/06/24 12:0 a.m., 22 views

OneCMS 2.6.1 - 'cat' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/05/28 12:0 a.m., 31 views

ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injections

source: https://www.securityfocus.com/bid/40431/info ImpressPages CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application,...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/05/24 12:0 a.m., 24 views

REvolution 10.02 - Cross-Site Request Forgery

Vulnerability ID: HTB22367 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinnpdsrevolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 06 May 2010 Vulnerability Type: CSRF (Cross-Site Request Forgery) Status:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/05/18 12:0 a.m., 20 views

ecoCMS 18.4.2010 - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39901/info ecoCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

AI score: 7.4
Exploits: 0

CVE
added 2010/04/27 3:0 p.m., 42 views

CVE-2009-4827

The CVE-2009-4827 issue affects Mail Manager Pro, specifically the admin.php component. A cross-site request forgery (CSRF) vulnerability exists that allows remote attackers to hijack administrator sessions and perform password-change actions via a crafted request. The underlying impact is that a...

CVSS: 6.8, AI score: 7.4, EPSS: 0.00943
Exploits: 1, References: 3, Affected Software: 1

Packet Storm
added 2010/04/17 12:0 a.m., 30 views

ZykeCMS 1.1 SQL Injection

ZykeCMS V1.1 Auth Bypass SQL Injection Vulnerability. Author : Giuseppe 'giudinvx' D'Inverno Email : Date : 04-16-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy...

AI score: 0.4
Exploits: 0

Exploit DB
added 2010/04/16 12:0 a.m., 35 views

Zyke CMS 1.1 - Authentication Bypass

ZykeCMS V1.1 Auth Bypass SQL Injection Vulnerability. Author : Giuseppe 'giudinvx' D'Inverno Email : Date : 04-16-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy...

AI score: 7.4
Exploits: 0

Prion
added 2010/03/05 6:30 p.m., 14 views

Code injection

admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified userid field...

CVSS: 7.5, AI score: 7.5, EPSS: 0.0242
Exploits: 0, References: 3

NVD
added 2010/03/05 6:30 p.m., 22 views

CVE-2009-4674

admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified userid field...

CVSS: 7.5, AI score: 6.9, EPSS: 0.0242
Exploits: 0, References: 3