37 matches found

0day.today
added 2008/04/14 12:0 a.m., 15 views

BosNews 4.0 (article) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. BosNews 4.0 article Remote SQL Injection Vulnerability. By CrackersChild. BosNews v4.0 Remote Sql injection Exploit Script...

AI score 7.1
Exploits 0

Prion
added 2007/11/05 7:46 p.m., 9 views

Authentication flaw

Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access...

CVSS 5 | AI score 7.7 | EPSS 0.00981
Exploits 0 | References 2 | Affected Software 1

NVD
added 2007/11/05 7:46 p.m., 11 views

CVE-2007-5835

Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access...

CVSS 5 | AI score 7.1 | EPSS 0.00981
Exploits 0 | References 2

Prion
added 2007/11/05 7:46 p.m., 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post...

CVSS 3.5 | AI score 5.6 | EPSS 0.00173
Exploits 0 | References 2

NVD
added 2007/11/05 7:46 p.m., 13 views

CVE-2007-5834

Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post...

CVSS 4.3 | AI score 5.6 | EPSS 0.00278
Exploits 0 | References 3

Prion
added 2007/11/05 7:46 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post...

CVSS 4.3 | AI score 6.1 | EPSS 0.00278
Exploits 0 | References 3 | Affected Software 1

CVE
added 2007/11/05 7:0 p.m., 44 views

CVE-2007-5833

CVE-2007-5833 concerns multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System. The affected component is the BosMarket system itself, where remote authenticated users can inject arbitrary script or HTML via (1) the user information (account details) or (...

CVSS 3.5 | AI score 5.4 | EPSS 0.00173
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2007/11/05 7:0 p.m., 21 views

CVE-2007-5835

Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access...

AI score 7.1 | EPSS 0.00981
Exploits 0 | References 2

Cvelist
added 2007/11/05 7:0 p.m., 17 views

CVE-2007-5834

Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post...

AI score 5.6 | EPSS 0.00278
Exploits 0 | References 3

CVE
added 2007/11/05 7:0 p.m., 39 views

CVE-2007-5834

CVE-2007-5834 is an XSS vulnerability in BosDev BosNews 4 that lets remote attackers inject arbitrary script/HTML via a SCRIPT element in a news post. Supported details from NVD: CVSS2 base score 4.3 (Medium), vector AV:N/AC:M/Au:N/C:N/I:P/A:N; attack requires network access, no authentication, b...

CVSS 4.3 | AI score 5.7 | EPSS 0.00278
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2007/11/05 7:0 p.m., 21 views

CVE-2007-5833

Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post...

AI score 5.4 | EPSS 0.00173
Exploits 0 | References 2

CVE
added 2007/11/05 7:0 p.m., 37 views

CVE-2007-5835

CVE-2007-5835 affects BosDev BosNews 4 and 5, where Install.php does not require authentication for replacing an existing installation or creating a new admin account. The described impact is denial of service via overwritten files and the possibility of obtaining administrative access. No explic...

CVSS 5 | AI score 7.1 | EPSS 0.00981
Exploits 0 | References 2 | Affected Software 1

securityvulns
added 2007/10/24 12:0 a.m., 96 views

Bosdev Multiple vulnerabilities

BosMarket Business Directory System http://www.bosdev.com BosMarket Multiple XSS vulnerabilities BosMarket is a craigslist like application that attempts to let users refer other small businesses. The problem is that when you post listings, it's a no holds barred kind of deal. Firstly, one can...

AI score 6.2
Exploits 0

NVD
added 2006/08/01 9:4 p.m., 10 views

CVE-2006-3957

PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter...

CVSS 7.5 | AI score 7.5 | EPSS 0.02067
Exploits 1 | References 3

CVE
added 2006/08/01 9:0 p.m., 42 views

CVE-2006-3957

The CVE-2006-3957 issue affects BosDev BosDates, specifically the payment.php component. The vulnerability is a remote file inclusion that allows an attacker to craft a URL in the insPath parameter to cause the application to execute arbitrary PHP code on the server. This is a server-side code ex...

CVSS 7.5 | AI score 7.9 | EPSS 0.02067
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2006/08/01 9:0 p.m., 13 views

CVE-2006-3957

PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter...

AI score 7.5 | EPSS 0.02067
Exploits 1 | References 3

securityvulns
added 2005/11/26 12:0 a.m., 20 views

BosDates v4.0 SQL vuln

BosDates v4.0 SQL vuln Vuln. discovered by: r0t Date: 26 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/bosdates-v40-sql-vuln.html Vendor: http://www.bosdev.com/bosdates/ affected version: BosDates v4.0 and prior Product description: The BosDates event calendar is a flexible calend...

AI score 0.2
Exploits 0