1599 matches found
mcshoutbox 1.1 - SQL Injection / Cross-Site Scripting / shell
MCshoutbox 1.1 SQL/XSS/Shell Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org Homepage : http://www.maniacomputer.com/dload/MCshoutboxDownloadPage.html + SQL Injection Login Bypass - Note : magic_quotes_gpc = off - Vulnerable code in...
WordPress - Privileges Unchecked in admin.php and Multiple Information
This WordPress vulnerability was found in the way that WordPress handles some URL requests. It results in unprivileged users viewing the content of plugin configuration pages and, in some plugins, modifying plugin options and injecting JavaScript code. The code is arbitrary and it may be run by a malicio...
WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures
WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ WordPress Privileges Unchecked in admin.php and Multiple Information...
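WordPress wp-admin/admin.php Module Incorrect Permission Check Vulnerability
BUGTRAQ ID: 35584 CVECAN ID: CVE-2009-2334 WordPress is a free forum and blog system. WordPress lacks a permission check for plugin configuration PHP modules that use the page parameter. If an unprivileged user replaces options-general.php or plugins.php with admin.php in a request, they can view the content of plugin configuration pages without authorization, or modify some plugin options and inject JavaScript code. WordPress WordPress 2.8 WordPress WordPress MU 2.7.1 WordPress ---------...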
CVE-2009-2382
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN...
Rapidsendit Clone 2.1 Insecure Cookie
====================================================================================== o Rapidsendit Clone 2.1 Insecure Cookie Handling Vulnerability Software : Rapidsendit Clone version 2.1 Vendor : http://www.rapidsendit.com/ Demo : http://www.rapidsendit.com/script/demo.html Author : NoGe...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2009-2342
CVE-2009-2342 is an XSS in Content Management Made Easy (CMME) prior to 1.22, affecting admin.php (the login page). The vulnerability allows remote attackers to inject arbitrary scripts via the username field in the login form. Documents consistently describe the flaw as a cross-site scripting is...
CVE-2009-2342
Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field...
phpMyBlockchecker 1.0.0055 Insecure Cookie
phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download Script : http://sourceforge.net/project/showfiles.php?groupid=116966&packageid=152150&releaseid=326884 + Insecure Cookie Handling - Vulnerable code...
phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications ================================================================= phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability ================================================================= + phpMyBlockchecker 1.0.0055 Insecure...
phpMyBlockchecker 1.0.0055 - Insecure Cookie Handling
phpMyBlockchecker 1.0.0055 - Insecure Cookie Handling + phpMyBlockchecker 1.0.0055 Insecure Cookie Handling Vulnerability + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download Script :...
CVE-2009-2234
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW)...
Sql injection
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW)...
CVE-2009-2234
CVE-2009-2234 affects VICIdial Call Center Suite (example: 2.0.5-173) with multiple SQL injection vulnerabilities in admin.php. The root cause is unsafe handling of user-supplied input in the PHP_AUTH_USER and PHP_AUTH_PW parameters, allowing remote attackers to execute arbitrary SQL commands. Do...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters...
Design/Logic Flaw
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
CVE-2009-2115
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...
CVE-2009-2116
Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter...