1599 matches found
Sql injection
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2014-4938
SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...
CVE-2014-4854
Cross-site scripting (XSS) vulnerability in the WP Construction Mode plugin 1.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wuclogo parameter in a save action to wp-admin/admin.php...
FengCms 1.19 /admin.php Login Bypass Vulnerability
No description provided by source...
Bloq 0.5.4 admin.php page[path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/20512/info Bloq is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the application and the...
LokiCMS <= 0.3.3 - Remote Command Execution Exploit
No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...
PBBoard 2.1.4 - Local File Inclusion
No description provided by source. Exploit Title: PBBoard 2.1.4 Local File Inclusion Software Link: http://www.pbboard.com/PBBoardv2.1.4.zip Author: n4ss1m Date: 25-05-2012 Tested on: win/linux Home : www.Sec4ever.com Exploit-DB note: Need to be logged in, at the very least, as a standard user to...
Phorum 5.1.20 admin.php badwords/banlist Module SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
RoseOnlineCMS <= 3 B1 Remote Login Bypass Exploit
No description provided by source. RoseOnlineCMS = 3 B1 Remote Login Bypass Exploit. Works only with magicquotesgpc = off. Discovered: cr4wl3r cr4wl3r!linuxmail.org. Download...
mcGallery 1.1 - admin.php lang Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
Vikingboard 0.1.2 admin.php act Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/21196/info Vikingboard is prone to multiple HTML-injection vulnerabilities and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an...
Invision Power Board 1.0/1.1/1.2 Admin.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8381/info Invision Power Board admin.php script reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization performed by functions in an Invision Power Board...
PHP-Nuke 0-7 Delete God Admin Access Control Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10861/info PHP-Nuke is reported prone to an access control bypass vulnerability. Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke God Admin account...
MD News 1 Admin.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17394/info MD News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow a...
ecoCMS 18.4.2010 'admin.php' Cross Site Scripting Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from urlparse import urljoin class TestPOCPOCBase: vulID = 'SSV-87089' vul ID version = '1' author = 'fenghh' vulDate =...
REvolution <= 10.02 CSRF (Cross-Site Request Forgery)
No description provided by source. Vulnerability ID: HTB22367 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinnpdsrevolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 06 May 2010 Vulnerability Type: CSRF...
GNU/Gallery <= 1.1.1.0 (admin.php) Local File Inclusion Vulnerability
No description provided by source. GNU/Gallery = 1.1.1.0 admin.php Local File Inclusion Vulnerability...
Phorum 5.1.20 admin.php Groups Module group_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
MKPortal 1.0/1.1 Admin.PHP Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25515/info MKPortal is prone to an authentication-bypass vulnerability because it fails to restrict access to certain administrative functions. Attackers can exploit this issue to gain unauthorized access to the...
b2evolution 3.3.3 Cross Site Request Forgery [CSRF]
No description provided by source. Exploit Title: b2evolution 3.3.3 Cross site request forgery. Date: 05/07/2010 & 23/07/1431 H. Author: saudi0hacker. Software Link: http://b2evolution.net/downloads/index.html...