8980 matches found
CVE-2005-2677
ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server...
CVE-2005-2677
CVE-2005-2677 affects ACNews. The vulnerability arises because ACNews stores its database in a file under the web document root (extension .db.inc) and uses insufficient access control, enabling remote attackers to obtain sensitive information such as the server’s full pathname. The available doc...
RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection
source: https://www.securityfocus.com/bid/14631/info RunCMS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the...
jPORTAL 2.2.12.3.1 - download.php SQL Injection
source: https://www.securityfocus.com/bid/14926/info JPortal is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
mediabox404.txt
Product: mediabox404 WebRadio & WebTV manager Version: 1.2 Release and previous URL: http://www.mediabox404.org VULNERABILITY CLASS: SQL injection PRODUCT DESCRIPTION This is a group of modules (administration, client, programmation, diffusion) in PHP/MySQL database that allows a webradio to manage...
Soft4e ECW-Shop 6.0.2 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/14576/info ECW Shop is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. The consequences of this attack may vary depending on the type of...
MyBulletinBoard (MyBB) RC4 - 'member.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise...
MyBulletinBoard (MyBB) RC4 - 'Username' SQL Injection
source: https://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise...
funkboard066.txt
FunkBoard V0.66CF possibly prior versions cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution software: author site: http://www.pathtofunkboard.co.uk/ xss: http://target/pathtofunkboard/editpost.php?fbusername="alertdocument.cookie...
TriggerTG TClanPortal 3.0 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/14516/info TClanPortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries...
PHP Lite Calendar Express 2.2 - 'Subscribe.php?cid' SQL Injection
source: https://www.securityfocus.com/bid/14504/info Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the applicatio...
PHP-Fusion 4.0/5.0/6.0 - 'messages.php' SQL Injection
source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'messages.php' script before using it in an SQL query. Successful exploitation could result...
phpList.txt
http://example.com/lists/admin/?page=members&id=1%20union%20select%20null,password,null,null%20from%20phplistadmin%20where%20superuser=1/sppassword Although not completely open, because one must authenticate, this completely leaves the database open, thus being a SQL injection hole...
PortailPHP 2.4 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/14474/info Portail PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. The consequences of this attack may vary depending on the type of...
GLSA-200508-02 : ProFTPD: Format string vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200508-02 ProFTPD: Format string vulnerabilities 'infamous42md' reported that ProFTPD is vulnerable to format string vulnerabilities when displaying a shutdown message containing the name of the current directory, and when...
Kayako Live Response 2.0 - index.php Calendar Feature Multiple SQL Injections
source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation...
Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for...
[Full-disclosure] [Argeniss] Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package
Oracle 9R2 Unpatched vulnerability on CWM2_OLAP_AW_AWUTIL package Date: 07/22/2005 Esteban Martinez Fayo, member of Argeniss security research team, reported a security vulnerability to Oracle some months ago, the vulnerability is on OLAPSYS.CWM2_OLAP_AW_AWUTIL package affecting Oracle Database Server 9i...
Multiple MySQL database management system vulnerabilities
Multiple DoS, vulnerable zlib version is used...