CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13185 matches found

seebug.org•added 2013/06/14 12:0 a.m.•35 views

易思espcms某处sql注入漏洞，附详细分析与POC代码

简要描述：小菜刚学代码审核详细说明：文件 /interface/forummain.php中$userid未过滤进入sql语句第17行到32行 function inlist parent::startpagetemplate; parent::memberpurview0, $this-mlink'orderlist'; includeonce adminROOT . 'public/classpagebotton.php'; $lng = adminLNG == 'big5' ? $this-CON'islancode' : adminLNG; $page =...

7.1AI score

Exploits0

Packet Storm•added 2013/06/11 12:0 a.m.•23 views

Fobuc Guestbook 0.9 SQL Injection

Exploit Title : Fobuc Guestbook 0.9 SQL Injection Date : 11 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://sourceforge.net/projects/fobuc/ Software Link : http://jaist.dl.sourceforge.net/project/fobuc/0.9/Release/FOBUC0.9.zip Version : 0.9 Tested on :...

0.3AI score

Exploits0

NVD•added 2013/05/31 12:20 p.m.•19 views

CVE-2013-3721

SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter...

7.5CVSS8.4AI score0.02279EPSS

Exploits1References3

Cvelist•added 2013/05/31 10:0 a.m.•24 views

CVE-2013-3721

SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter...

8.4AI score0.02279EPSS

Exploits1References3

NVD•added 2013/05/27 2:55 p.m.•18 views

CVE-2013-2956

SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8AI score0.0113EPSS

Exploits0References2

Prion•added 2013/05/27 2:55 p.m.•9 views

Sql injection

7.5CVSS8.6AI score0.0113EPSS

Exploits0References2Affected Software1

Cvelist•added 2013/05/27 2:0 p.m.•20 views

CVE-2013-2956

8AI score0.0113EPSS

Exploits0References2

NVD•added 2013/05/23 3:55 p.m.•16 views

CVE-2012-6560

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter...

7.5CVSS8.4AI score0.01131EPSS

Exploits1References3

Prion•added 2013/05/23 3:55 p.m.•9 views

Sql injection

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter...

7.5CVSS9AI score0.01131EPSS

Exploits1References3Affected Software1

Cvelist•added 2013/05/23 3:0 p.m.•21 views

CVE-2012-6560

SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter...

8.4AI score0.01131EPSS

Exploits1References3

OwnCloud•added 2013/05/14 2:0 a.m.•54 views

Server: Multiple SQL injection

ownCloud before 5.0.6 does not neutralize special elements that are passed to the SQL query in lib/db.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. CVE-2013-2045 ownCloud before 5.0.6 and 4.5.11 does not neutralize special elements that are passed to the...

6.5CVSS7.1AI score0.01593EPSS

Exploits0Affected Software1

OpenVAS•added 2013/05/14 12:0 a.m.•26 views

WHMCS <= 4.5.2 SQLi Vulnerability

WHMCS is prone to an SQL injection SQLi vulnerability. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...

8.3AI score

Exploits0References2

NVD•added 2013/05/13 11:55 p.m.•17 views

CVE-2013-3537

Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 idpost or 2 pg parameter...

7.5CVSS8.5AI score0.02224EPSS

Exploits1References4

Prion•added 2013/05/13 11:55 p.m.•9 views

Sql injection

Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 idpost or 2 pg parameter...

7.5CVSS9.3AI score0.02224EPSS

Exploits1References4Affected Software1

Cvelist•added 2013/05/13 11:0 p.m.•16 views

CVE-2013-3537

Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 idpost or 2 pg parameter...

8.5AI score0.02224EPSS

Exploits1References4

NVD•added 2013/05/10 9:55 p.m.•17 views

CVE-2013-3524

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS...

7.5CVSS8.4AI score0.02567EPSS

Exploits1References7

NVD•added 2013/05/10 9:55 p.m.•16 views

CVE-2013-3522

SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter...

6.5CVSS7.8AI score0.27084EPSS

Exploits9References2

NVD•added 2013/05/10 9:55 p.m.•21 views

CVE-2013-3531

SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlistid parameter...

7.5CVSS8.4AI score0.02224EPSS

Exploits1References4

Prion•added 2013/05/10 9:55 p.m.•20 views

Sql injection

6.5CVSS8.5AI score0.27084EPSS

Exploits9References2Affected Software1

Prion•added 2013/05/10 9:55 p.m.•12 views