Cross site scripting
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, ...
CVE-2012-6557
Multiple XSS vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary script/HTML via any of 15 AboutMe fields on the Edit My Details page (RealName, Name, Quote, Loc, Emp, JobTit, HS, Col, Bio, Inter, Mus, Gam, Mov, FTV, Bks). Affected software: V...
CVE-2012-6557
Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plugin 1.1.1 for Vanilla Forums allow remote attackers to inject arbitrary web script or HTML via the (1) AboutMe/RealName, (2) AboutMe/Name, (3) AboutMe/Quote, (4) AboutMe/Loc, (5) AboutMe/Emp, (6) AboutMe/JobTit, (7) AboutMe/HS, (8) AboutMe/Col, ...
CVE-2012-6555
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title...
CVE-2012-6556
CVE-2012-6556 describes multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNames plugin 1.1.1 for Vanilla Forums. The issue enables remote attackers to inject arbitrary web script or HTML via the (1) User/FirstName or (2) User/LastName parameter on the edit user page. The NVD ent...
CVE-2012-6555
CVE-2012-6555 is an XSS vulnerability in the Vanilla Forums LatestComment plugin 1.1. The issue allows remote attackers to inject arbitrary script/HTML via the discussion title, indicating a flaw in input handling within the plugin’s comment/discussion title processing. The CVSS data in the prima...
Sony PSN Community Lithium Forums 2012 Q4 Script Insertion
Title: Sony PSN Community - Mail Encoding Web Vulnerability; Date: 2013-05-05; References: http://www.vulnerability-lab.com/getcontent.php?id=748; VL-ID: 747; Common Vulnerability Scoring System: 3.1; Introduction: ...
Sony PSN Community Lithium Forums 2012 Q4 XSS
Title: Sony PSN Community - Persistent Web Vulnerability; Date: 2013-05-04; References: http://www.vulnerability-lab.com/getcontent.php?id=746; VL-ID: 746; Common Vulnerability Scoring System: 3.5; Introduction: ...
Sony PSN Community Lithium Forums 2012 Q4 Script Insertion
Title: Sony PSN Community - Mail Encoding Web Vulnerability; Date: 2013-05-06; References: http://www.vulnerability-lab.com/getcontent.php?id=748; VL-ID: 748; Common Vulnerability Scoring System: 3.1; Introduction: ...
CVE-2013-3528
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."...
CVE-2013-3527
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest...
Design/Logic Flaw
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."...
SQL injection
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest...
CVE-2013-3528
Vanilla Forums prior to 2.0.18.6 is vulnerable to a PHP Object Injection in class.utilitycontroller.php (
CVE-2013-3527
Vanilla Forums suffers SQL injection in versions before 2.0.18.8. The vulnerability allows remote attackers to inject arbitrary SQL via the Form/Email parameter array during entry/signin or entry/passwordrequest, potentially compromising data. Affected component: Vanilla Forums core (web applicat...
CVE-2013-3528
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."...
CVE-2013-3527
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest...
Sony PSN Community - Mail Encoding Web Vulnerability
Document Title: Sony PSN Community - Mail Encoding Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=748; Release Date: 2013-05-06; Vulnerability Laboratory ID (VL-ID): 748...
Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable
Product Name: Vanilla Forums; Vulnerable Version: Up to vanilla-core-2-0-18-4; Tested on: Windows Server 2003, Apache 2.4.3, PHP 5.4.7, MySQL 5.5.27; Vulnerability Overview: SQL injection is possible because $_POST arrays are not properly sanitized. You do not need to be authenticated. Vulnerability...