21 matches found
EUVD-2010-2267
Malware in sbrugna...
EUVD-2009-4590
Malware in sbrugna...
EUVD-2010-2271
Malware in sbrugna...
CVE-2010-2255
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE:...
CVE-2010-2259
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-2255
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE:...
SQL injection
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE:...
Directory traversal
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-2259
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-2259
CVE-2010-2259 is a directory traversal / local file inclusion vulnerability in the Joomla! BF Survey component (com_bfsurvey). The Nuclei template and related references describe exploitation via a ../ in the controller parameter to index.php, enabling remote attackers to include and potentially ...
CVE-2010-2255
CVE-2010-2255 describes an SQL injection in Joomla! extensions BF Survey Pro (com_bfsurvey_pro) prior to 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) prior to 1.2.6, and BF Survey Basic prior to 1.2, exploitable via the catid parameter to index.php. Public sources (including NVD and Red Hat) ...
CVE-2009-4625
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an...
CVE-2009-4625
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an...
CVE-2009-4625
The CVE-2009-4625 entry concerns BF Survey Pro Free (com_bfsurvey_profree) for Joomla! where the updateOnePage action (table parameter) is vulnerable to SQL injection. Affected versions include 1.2.4 and other versions prior to 1.2.6. The vulnerability arises from improper validation of the table...
Joomla BF Survey Pro SQL Injection
1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
BF Survey Pro Component for Joomla! 'table' Parameter SQLi
The version of BF Survey Pro or BF Survey Pro Free for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'table' parameter in a POST request when 'task' is set to 'updateOnePage' before using it to construct...
Joomla Component BF Survey Pro Free SQL Injection Exploit
No description provided by source. ?php echo 'h2Joomla Component BF Survey Pro Free SQL Injection Exploit/h2'; echo 'h4jdc 2009/h4'; echo 'pGoogle dork: inurl:combfsurveyprofree/p'; iniset "memorylimit", "128M" ; iniset "maxexecutiontime", 0 ; settimelimit 0 ; if !isset $GET'url' die 'Usage:...
Joomla BF Survey Pro Free SQL Injection
Joomla Component BF Survey Pro Free SQL Injection Exploit'; echo 'jdc 2009'; echo 'Google dork: inurl:combfsurveyprofree'; iniset "memorylimit", "128M" ; iniset "maxexecutiontime", 0 ; settimelimit 0 ; if !isset $GET'url' die 'Usage: '.$SERVER'SCRIPTNAME'.'?url=www.victim.com' ; $vulnerableFile =...
Joomla! Component BF Survey Pro Free - SQL Injection
Joomla Component BF Survey Pro Free SQL Injection Exploit'; echo 'jdc 2009'; echo 'Google dork: inurl:combfsurveyprofree'; iniset "memorylimit", "128M" ; iniset "maxexecutiontime", 0 ; settimelimit 0 ; if !isset $GET'url' die 'Usage: '.$SERVER'SCRIPTNAME'.'?url=www.victim.com' ; $vulnerableFile =...
Joomla! Component BF Survey Pro Free - SQL Injection
Joomla! Component BF Survey Pro Free - SQL Injection Joomla Component BF Survey Pro Free SQL Injection Exploit'; echo 'jdc 2009'; echo 'Google dork: inurl:combfsurveyprofree'; iniset "memorylimit", "128M" ; iniset "maxexecutiontime", 0 ; settimelimit 0 ; if !isset $GET'url' die 'Usage:...