CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8086 matches found

securityvulns•added 2008/08/04 12:0 a.m.•100 views

NeBoard Sql Injection Vulnerability

Discovered by : AleminKrali NeBoard Sql Injection Vulnerability Post Sql Dork :inurl:show.asp?id= ref= step= level= page= 2 html form 1.Form:It takes it:ID NAME 2.Form:Admin Password and later HTTP://SITE.COM/admin/boardedit.asp?id=IDNAME we are entering and 2.form Admin Password ile Login we are...

7.5AI score

Exploits0

RedHat Linux•added 2008/07/16 9:57 a.m.•1 views

php session ID leakage

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

4.3CVSS5.9AI score0.01712EPSS

Exploits0References4

Packet Storm•added 2008/07/15 12:0 a.m.•19 views

joomlanforms-sql.txt

!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " \n"; print " Mambot Component n-forms Blind SQL Injection Exploit \n"; print " Author:The Moorish :D \n"; print " Greetz:Team-dz,His0k4,x.CJP.x,Kader11000,c02,piRAte DIgitAL\n"; print " sites:www.h4cnc.com...

7.4AI score

Exploits0

seebug.org•added 2008/07/13 12:0 a.m.•15 views

Joomla Component n-forms 1.01 Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " \n"; print " Mambot Component n-forms Blind SQL Injection Exploit \n"; print " Author:The Moorish :D \n"; print " Greetz:Team-dz,His0k4,x.CJP.x,Kader11000,c02,piRAte DIgitAL\n";...

7.1AI score

Exploits0

0day.today•added 2008/07/12 12:0 a.m.•19 views

Joomla Component n-forms 1.01 Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================= Joomla Component n-forms 1.01 Blind SQL Injection Exploit ========================================================= !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1...

7.1AI score

Exploits0

exploitpack•added 2008/07/12 12:0 a.m.•16 views

Joomla! Component n-forms 1.01 - Blind SQL Injection

Joomla! Component n-forms 1.01 - Blind SQL Injection !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " \n"; print " Mambot Component n-forms Blind SQL Injection Exploit \n"; print " Author:The Moorish :D \n"; print "...

0.2AI score

Exploits0

Exploit DB•added 2008/07/12 12:0 a.m.•30 views

Joomla! Component n-forms 1.01 - Blind SQL Injection

7.4AI score

Exploits0

0day.today•added 2008/06/24 12:0 a.m.•25 views

Linksys WRT54G (firmware 1.00.9) Security Bypass Vulnerabilities (2)

Exploit for hardware platform in category remote exploits ==================================================================== Linksys WRT54G firmware 1.00.9 Security Bypass Vulnerabilities 2 ==================================================================== | l/ l j| \ / \ | \l j| \ | T l j| \...

7.1AI score0.30722EPSS

Exploits11

Japan Vulnerability Notes•added 2008/06/19 12:0 a.m.•27 views

JVN#45389864 CGIWrap error page cross-site scripting vulnerability

CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Impact An arbitrary script may be executed on the user's web browser. Solution Update...

4.3CVSS5.5AI score0.00475EPSS

Exploits0

Japan Vulnerability Notes•added 2008/05/20 3:0 p.m.•1 views

Advance-Flow cross-site scripting vulnerability

Overview Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms a...

5CVSS6.2AI score0.00507EPSS

Exploits0References9

Packet Storm•added 2008/05/05 12:0 a.m.•51 views

adv94-K-159-2008.txt

ECHOADV94$2008 ----------------------------------------------------------------------------------------- ECHOADV94$2008 Kmita Mail = 3.0 file Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni...

7.4AI score

Exploits0

PyPA•added 2008/04/25 6:5 a.m.•5 views

PYSEC-2008-12

The user form processing userform.py in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges...

6.8CVSS7.2AI score0.01EPSS

Exploits1References8Affected Software1

OSV•added 2008/04/21 1:5 p.m.•1 views

DEBIAN-CVE-2008-0165

Cross-site request forgery CSRF vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the 1 preferences and 2 edit forms...

4.3CVSS7.1AI score0.00242EPSS

Exploits0References1

Packet Storm•added 2008/03/21 12:0 a.m.•47 views

dotnetnuke-expose.txt

=========================================================== DotNetNuke Default Machine Key Exposure Public Release Date: March 20, 2008 Brian Holyfield - Gotham Digital Science [email protected] Affected Software: DotNetNuke = 4.8.1 Severity: Critical...

7.4AI score

Exploits0

NVD•added 2008/03/04 12:44 a.m.•11 views

CVE-2008-1131

Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...

3.5CVSS5.3AI score0.00282EPSS

Exploits0References3

Cvelist•added 2008/03/04 12:0 a.m.•19 views

CVE-2008-1131

Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...

5.3AI score0.00282EPSS

Exploits0References3

Drupal•added 2008/02/27 12:0 a.m.•512 views

SA-2008-018 - Drupal core - Cross site scripting

Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages. The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character,...

6.2AI score

Exploits0References5

NVD•added 2008/02/21 12:44 a.m.•15 views

CVE-2008-0855

SQL injection vulnerability in the Facile Forms comfacileforms component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php...

7.5CVSS8.4AI score0.00013EPSS

Exploits1References3

Prion•added 2008/02/21 12:44 a.m.•19 views

Sql injection

SQL injection vulnerability in the Facile Forms comfacileforms component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php...

7.5CVSS9.1AI score0.00013EPSS

Exploits1References3

CVE•added 2008/02/21 12:0 a.m.•45 views

CVE-2008-0855

CVE-2008-0855 describes an SQL injection in the Facile Forms (com_facileforms) component for Joomla! and Mambo, exploitable via the catid parameter to index.php. The vulnerability, as documented by NVD, has a base score of 7.5 (HIGH) with network attack vector, no authentication, and partial impa...

7.5CVSS8.4AI score0.00013EPSS

Exploits1References3Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by