Lucene search
K

356 matches found

NVD
NVD
added 2006/07/13 10:5 a.m.12 views

CVE-2006-3576

SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

7.5CVSS8.1AI score0.01106EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/06/06 8:3 p.m.21 views

CVE-2005-2461

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the 1 year or 2 date parameter...

8.5AI score0.02287EPSS
Exploits0References5
NVD
NVD
added 2006/05/31 10:6 a.m.22 views

CVE-2006-2689

Multiple cross-site scripting XSS vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 debutimage parameter in a article-album.php3, 2 date parameter in b rubrique.php3, and the 3 perso and 4 aide parameters to c an unknown script,...

6.8CVSS5.8AI score0.01989EPSS
Exploits1References5
Prion
Prion
added 2006/05/31 10:6 a.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 debutimage parameter in a article-album.php3, 2 date parameter in b rubrique.php3, and the 3 perso and 4 aide parameters to c an unknown script,...

6.8CVSS6.1AI score0.01989EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2006/05/09 10:2 a.m.14 views

Cross site scripting

Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

2.6CVSS6.4AI score0.02008EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2006/05/09 10:2 a.m.12 views

CVE-2006-2265

Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

2.6CVSS6AI score0.02008EPSS
Exploits1References5
Cvelist
Cvelist
added 2006/05/09 10:0 a.m.15 views

CVE-2006-2265

Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6AI score0.02008EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2006/04/20 12:0 a.m.8 views

PT-2006-2914 · Unknown · Green Minute

Name of the Vulnerable Software and Affected Versions: Green Minute versions 1.0 and earlier Description: Multiple SQL injection vulnerabilities in userscript.php allow remote attackers to execute arbitrary SQL commands via the huserid, pituus, or date parameters. The vendor has disputed this...

6.4CVSS8.8AI score0.01156EPSS
Exploits0References7
Cvelist
Cvelist
added 2006/04/19 4:0 p.m.18 views

CVE-2006-1848

Multiple cross-site scripting XSS vulnerabilities in statsview.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 datefrom, 2 dateto, and 3 date parameter...

5.8AI score0.01343EPSS
Exploits2References6
Prion
Prion
added 2006/03/28 8:2 p.m.15 views

Sql injection

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...

7.5CVSS9.7AI score0.01935EPSS
Exploits1References8
NVD
NVD
added 2006/03/28 8:2 p.m.16 views

CVE-2006-1426

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...

7.5CVSS8.9AI score0.01935EPSS
Exploits1References8
Cvelist
Cvelist
added 2006/03/28 8:0 p.m.20 views

CVE-2006-1426

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...

8.9AI score0.01935EPSS
Exploits1References8
NVD
NVD
added 2006/03/19 1:2 a.m.25 views

CVE-2006-1252

Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...

7.5CVSS7.8AI score0.02551EPSS
Exploits1References3
Prion
Prion
added 2006/03/19 1:2 a.m.18 views

Sql injection

Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...

7.5CVSS8.4AI score0.02551EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2006/01/13 11:0 p.m.5 views

EUVD-2006-0214

Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...

7.5CVSS7.8AI score0.04279EPSS
Exploits1References9
Cvelist
Cvelist
added 2005/08/04 4:0 a.m.21 views

CVE-2004-2296

The previewreview function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message...

6.2AI score0.01708EPSS
Exploits1References5
Rows per page
Query Builder