10447 matches found

OpenVAS
added 2011/11/30 12:0 a.m., 47 views

Zabbix 1.8.3, 1.8.4 SQLi Vulnerability

Zabbix is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective...

7.5 CVSS, 7.2 AI score, 0.02549 EPSS
Exploits: 2, References: 1
exploitpack
added 2011/11/23 12:0 a.m., 21 views

Pro Clan Manager 0.4.2 - SQL Injection

Pro Clan Manager 0.4.2 - SQL Injection source: https://www.securityfocus.com/bid/50794/info Pro Clan Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

1 AI score
Exploits: 0
Exploit DB
added 2011/11/23 12:0 a.m., 23 views

Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection

source: https://www.securityfocus.com/bid/50777/info Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploiting these issues could allow an attacker to...

7.4 AI score
Exploits: 0
OpenVAS
added 2011/11/21 12:0 a.m., 439 views

webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities

webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensitive information that may lead to further attacks. An...

6.9 AI score
Exploits: 0, References: 3
OpenVAS
added 2011/11/15 12:0 a.m., 33 views

Cacti Unspecified SQL Injection and Cross Site Scripting Vulnerabilities

Cacti is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...

7.5 CVSS, 0.8 AI score, 0.0322 EPSS
Exploits: 2, References: 3
Prion
added 2011/11/03 10:55 a.m., 12 views

Sql injection

The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors...

5.5 CVSS, 6.5 AI score, 0.01316 EPSS
Exploits: 0, References: 5, Affected Software: 4
OpenVAS
added 2011/11/03 12:0 a.m., 17 views

BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities

BestShopPro is prone to cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or...

0.4 AI score
Exploits: 0, References: 2
exploitpack
added 2011/11/01 12:0 a.m., 17 views

Symphony 2.2.3 - symphonypublishimages?filter Cross-Site Scripting

Symphony 2.2.3 - symphonypublishimages?filter Cross-Site Scripting source: https://www.securityfocus.com/bid/50470/info Symphony is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data...

Exploits: 0
Exploit DB
added 2011/11/01 12:0 a.m., 26 views

Symphony 2.2.3 - '/symphony/publish/comments?filter' SQL Injection

source: https://www.securityfocus.com/bid/50470/info Symphony is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal...

7.4 AI score
Exploits: 0
OpenVAS
added 2011/10/24 12:0 a.m., 14 views

PreProjects Pre Studio Business Cards Designer 'page.php' SQL Injection Vulnerability

Pre Studio Business Cards Designer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and...

7.8 AI score
Exploits: 0, References: 1
OSV
added 2011/10/19 10:55 a.m., 5 views

CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

6.2 AI score
Exploits: 0, References: 9
Exploit DB
added 2011/10/18 12:0 a.m., 18 views

Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection

source: https://www.securityfocus.com/bid/50195/info Site@School is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or...

7.4 AI score
Exploits: 0
exploitpack
added 2011/10/14 12:0 a.m., 10 views

Xenon - id Multiple SQL Injections

Xenon - id Multiple SQL Injections source: https://www.securityfocus.com/bid/50141/info Xenon is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to...

8.1 AI score
Exploits: 0
OpenVAS
added 2011/09/28 12:0 a.m., 13 views

openEngine 'id' Parameter SQL Injection Vulnerability

openEngine is prone to an SQL Injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlyi...

0.6 AI score
Exploits: 0, References: 3
exploitpack
added 2011/09/28 12:0 a.m., 13 views

Traq 2.2 - Multiple SQL Injections Cross-Site Scripting

Traq 2.2 - Multiple SQL Injections Cross-Site Scripting source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow...

0.3 AI score
Exploits: 0
OpenVAS
added 2011/09/22 12:0 a.m., 15 views

GeoClassifieds Lite Multiple Vulnerabilities (Sep 2011) - Active Check

GeoClassifieds Lite is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.3 AI score
Exploits: 0, References: 1
exploitpack
added 2011/09/21 12:0 a.m., 14 views

OneCMS 2.6.4 - Multiple SQL Injections

OneCMS 2.6.4 - Multiple SQL Injections source: https://www.securityfocus.com/bid/49733/info OneCMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...

0.3 AI score
Exploits: 0
exploitpack
added 2011/09/18 12:0 a.m., 11 views

phpRS 2.8.1 - Multiple SQL Injections Cross-Site Scripting

phpRS 2.8.1 - Multiple SQL Injections Cross-Site Scripting source: https://www.securityfocus.com/bid/49729/info phpRS is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...

0.3 AI score
Exploits: 0
Cvelist
added 2011/09/17 10:0 a.m., 22 views

CVE-2011-1740

EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain...

5.8 AI score, 0.01126 EPSS
Exploits: 0, References: 5
exploitpack
added 2011/09/17 12:0 a.m., 11 views

Ay Computer (Multiple Products) - Multiple SQL Injections

Ay Computer (Multiple Products) - Multiple SQL Injections source: https://www.securityfocus.com/bid/49668/info Multiple Ay Computer products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...

0.7 AI score
Exploits: 0