CVE-2007-1181
WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors...
CVE-2007-1185
The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...
Mozilla Foundation Security Advisory 2007-02
Title: Improvements to help protect against Cross-Site Scripting attacks. Impact: Low. Announced: February 23, 2007. Reporter: various. Products: Firefox, SeaMonkey. Fixed in: Firefox 2.0.0.2, Firefox 1.5.0.10, SeaMonkey 1.0.8. Firefox 2.0.0.2 and 1.5.0.10...
crfdb-disclose.txt
Title : Capital Request Forms Db Username and Password Vulnerabilities Author : Gokhan Contact : [email protected] Dork : inurl:commondb.inc Script : http://selfemployment.douglas.bc.ca/caprequest/ ExpLoit : http://site/path/inc/commondb.inc ; Code : commondb.inc...
CVE-2007-0880
CVE-2007-0880 describes an access-control flaw where the application stores sensitive information under the web root, enabling remote attackers to retrieve database credentials by directly requesting inc/common_db.inc. The document set confirms the affected vector as an unauthenticated direct req...
Capital Request Forms Db Username and Password Vulnerabilities
Title : Capital Request Forms Db Username and Password Vulnerabilities Author : Gokhan Contact : [email protected] Dork : inurl:commondb.inc Script : http://selfemployment.douglas.bc.ca/caprequest/ ExpLoit : http://site/path/inc/commondb.inc ; Code : commondb.inc...
USN-398-4: Firefox regression
USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Various flaws have been reported that allow an attacke...
security flaw
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters...
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
Adobe Acrobat Reader Plugin - Multiple Vulnerabilities Original Advisory: http://www.wisec.it/vulns.php?page=9 Original Discovery and Research: Stefano Di Paola Contribution: Giorgio Fedon IE Dos, UXSS Analysis Elia Florio Poc and Code Execution analysis Status: Vendor Informed on 15 October 2006...
FreeBSD : drupal -- cross site request forgeries (937d5911-5f16-11db-ae08-0008743bf21a)
The Drupal Team reports: Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate; suppose one has an active user 1 session, the most powerful administrator account for a site, to a Drupal si...
CVE-2006-5358
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln FORM01...
CVE-2006-5365
Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln FORM02...
CVE-2006-5360
Technical details for CVE-2006-5360 are not publicly available in the provided documents. Monitor for updates; no further specifics (impact, vectors, or remediation) can be stated from these sources.
CVE-2006-5365
Technical details for CVE-2006-5365 are not publicly provided in the supplied documents; no affected product versions, root cause, or remediation are specified. Monitor for updates from official advisories.
CVE-2006-5360
Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka Vuln FORM03...
CVE-2006-5358
Technical details of CVE-2006-5358 are not publicly available in the provided documents. Monitor for updates from Oracle advisories or security bulletins; current sources confirm an unspecified vulnerability in Oracle Forms without specifics.
ASP.NET cross-site scripting
Cross-site scripting with AutoPostBack forms...
GeoClassifieds Enterprise 2.0.5.x - index.php Multiple Cross-Site Scripting Vulnerabilities
GeoClassifieds Enterprise 2.0.5.x - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/19196/info GeoClassifieds Enterprise is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attack...