453 matches found
SQL injection vulnerability in MODx CMS
Vulnerability ID: HTB22414 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinmodxcms.html Product: MODx CMS and Application Framework Vendor: MODx Vulnerable Version: 1.0.3 and Probably Prior Versions Vendor Notification: 28 May 2010 Vulnerability Type: SQL Injection Status: N...
Fedora Update for zikula FEDORA-2010-8501
Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8501 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for zikula FEDORA-2010-8464
Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8464 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 12 Update: zikula-1.2.3-1.fc12
A free open source Web Application Framework. It can be used to develop robust, secure, interactive and editable websites and web based applications. Zikula is written in PHP, object oriented, and fully modular. It requires a database and may use all leading database platforms like MySQL,...
JVN#90248889: Interstage Application Server vulnerable in request processing
The Servlet service provided by the Interstage Application Server from Fujitsu Limited contains a vulnerability where certain requests may be handled improperly depending on the settings at the load balancing device. Impact Invalid requests may be processed or user information may be leaked...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php...
CVE-2010-1732
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)...
CVE-2010-1732
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)...
CVE-2010-1732
Zikula Application Framework up to version 1.2.3 has a CSRF vulnerability in the users module (updateemail action) that could allow an attacker to hijack an administrator’s email address. The flaw is addressed in the 1.2.3 release, in which upstream fixed two security issues (XSS and CSRF) and remov...
CVE-2010-1724
CVE-2010-1724 affects Zikula Application Framework (v1.2.2 and possibly earlier). The vulnerability is XSS in the index.php handling of func and lang parameters via ZLanguage.php, enabling remote injection of arbitrary script/HTML. OpenVAS entries corroborate multiple XSS/CSRF issues for Zikula. ...
CVE-2010-1724
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php...
Zikula Application Framework 1.2.2 Cross Site Request Forgery
Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...
XSRF (CSRF) in Zikula Application Framework
Vulnerability ID: HTB22351 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 19 April 2010 Vulnerability Type: CSR...
Zikula 1.2.2 Cross Site Scripting
Vulnerability ID: HTB22348 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 13 April 2010 Vulnerability...
XSS vulnerability in Zikula Application Framework
Vulnerability ID: HTB22348 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzikulaapplicationframework.html Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Version: 1.2.2 and Probably Prior Versions Vendor Notification: 13 April 2010 Vulnerability...
Zikula Application Framework 1.2.2 - ZLanguage.php?lang Cross-Site Scripting
Zikula Application Framework 1.2.2 - ZLanguage.php?lang Cross-Site Scripting source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage th...
Zikula Application Framework 1.2.2 - 'index.php?func' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Zikula Application Framework 1.2.2 - index.php?func Cross-Site Scripting
Zikula Application Framework 1.2.2 - index.php?func Cross-Site Scripting source: https://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...
Multiple vulnerabilities in Zikula Application Framework
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. 1) XSRF (CSRF) in Zikula Application Framework: CVE-2010-1732 The vulnerability...