Lucene search
K

210 matches found

Cvelist
Cvelist
added 2006/06/12 8:0 p.m.19 views

CVE-2006-2959

SQL injection vulnerability in incheader.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie...

8.3AI score0.0145EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2006/05/03 12:0 a.m.16 views

WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion

The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/incmain.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local file...

5.1CVSS5.6AI score0.03208EPSS
Exploits1References1
Prion
Prion
added 2006/04/21 10:2 p.m.14 views

Sql injection

SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbbusername COOKIE parameter...

7.5CVSS9.1AI score0.0126EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2006/04/21 10:0 p.m.20 views

CVE-2006-1978

SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbbusername COOKIE parameter...

8.4AI score0.0126EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/03/29 1:0 a.m.18 views

CVE-2006-1480

Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by 1 injecting code into local log files via GET commands, then 2 accessing that log via a .. dot dot sequence and a trailing null %00 byte in the skin2 COOKIE...

7.2AI score0.03208EPSS
Exploits1References6
NVD
NVD
added 2006/03/19 11:6 a.m.10 views

CVE-2006-1276

admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie...

10CVSS7AI score0.03539EPSS
Exploits1References8
Prion
Prion
added 2006/03/02 11:2 p.m.16 views

Sql injection

SQL injection vulnerability in misc.php in MyBulletinBoard MyBB 1.03, when registerglobals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected...

7.5CVSS8.6AI score0.03743EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2006/03/02 11:2 p.m.10 views

CVE-2006-0962

SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie...

7.5CVSS8.2AI score0.02455EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/03/02 11:0 p.m.23 views

CVE-2006-0962

SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie...

8.2AI score0.02455EPSS
Exploits0References5
Cvelist
Cvelist
added 2006/01/22 8:0 p.m.25 views

CVE-2006-0372

Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the 1 blogphpusername or 2 blogphppassword parameter in a cookie...

8.5AI score0.01291EPSS
Exploits1References7
Rows per page
Query Builder