Lucene search
K

1197 matches found

Prion
Prion
added 2012/08/28 5:55 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via 1 $SERVER'HTTPHOST' or 2...

4.3CVSS6.2AI score0.01685EPSS
Exploits1References9Affected Software1
htbridge
htbridge
added 2012/08/15 12:0 a.m.70 views

Cross-Site Scripting (XSS) Vulnerabilities in Flogr

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Flogr, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS Vulnerabilities in Flogr: CVE-2012-4336 Input appended to the URL after /index.php is not properly sanitised before...

4.3CVSS5.9AI score0.01631EPSS
Exploits3Affected Software1
Packet Storm
Packet Storm
added 2012/05/07 12:0 a.m.32 views

NeXus Infotech CMS SQL Injection

Exploit title : NeXus Infotech CMS SQL Injection Vulnerability Date : May 05,2012 Author : gr00vehack3r Contact : groove.hacker7/a/t/gmail.com Homepage : www.gr00ve-hack3r.com Vendor : NeXus Infotech Vendor Site : http://www.nexusinfotech.org/ Google Dork : intext:"Powered By NeXus Infotech"...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2012/04/04 12:0 a.m.42 views

phpPaleo 4.8b156 Local File Inclusion

'phpPaleo' Local File Inclusion CVE-2012-1671 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in index.php for language handling that allows for local file inclusion using a null-byte attack on the 'lang' GET parameter. II...

6.8CVSS6.5AI score0.02573EPSS
Exploits7
Exploit DB
Exploit DB
added 2012/01/10 12:0 a.m.28 views

Pragyan CMS 3.0 - Remote File Disclosure

Title Pragyan CMS v 3.0 = Remote File Disclosure Author Or4nG.M4n Download http://space.dl.sourceforge.net/project/pragyan/pragyan/3.0/PragyanCMS-v3.0-beta.tar.bz2 vuln download.lib.php line 16 vuln index.php line 234 $GET'fileget' exploit...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/09/18 12:0 a.m.24 views

Wordpress Relocate Upload Plugin 0.14 Remote File Inclusion

Exploit for php platform in category web applications Exploit Title: Relocate Upload Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/relocate-upload Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2011/09/07 12:0 a.m.34 views

MantisBT 1.2.7 Cross Site Scripting / Local File Inclusion

Vulnerability ID: HTB23045 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinmantisbt.html Product: MantisBT Vendor: www.mantisbt.org http://www.mantisbt.org/ Vulnerable Version: 1.2.7 and probably prior Tested Version: 1.2.7 Vendor Notification: 31 August 2011 Vulnerability...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/04/20 12:0 a.m.27 views

docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities

docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; alert1" / input type="hid...

7.4AI score
Exploits0
0day.today
0day.today
added 2011/02/22 12:0 a.m.32 views

Tomato Gallery 1.2 (logged only) Persistant Xss Vunerability

Exploit for php platform in category web applications author: lemlajt software link: http://tomatogallery.yzx.se/ version: 1.2 tested on: linux cve : poc0.1 : 1. http://localhost/www/cmsadmins/tomatogallery12/edit/index.php 2. click @ "Add Separator" and type: bla'';!--alert document.cookie=& in...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/09/29 12:0 a.m.18 views

e107 v0.7.23 SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================== e107 v0.7.23 SQL Injection Vulnerability ======================================== Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2010/09/28 12:0 a.m.19 views

e107 0.7.23 - SQL Injection

e107 0.7.23 - SQL Injection Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2010/09/27 12:0 a.m.94 views

SQL injection vulnerability in e107

Vulnerability ID: HTB22604 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityine1072.html Product: e107 Website System Vendor: e107 http://www.e107.org/ Vulnerable Version: 0.7.23 and Probably Prior Versions Vendor Notification: 13 September 2010 Vulnerability Type: SQL Injectio...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2010/08/13 12:0 a.m.28 views

Apache JackRabbit 2.0.0 XPath Injection

Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...

7.4AI score
Exploits0
0day.today
0day.today
added 2010/08/11 12:0 a.m.16 views

Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerabilty

Exploit for jsp platform in category web applications =========================================================== Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerabilty =========================================================== Title: Apache JackRabbit webapp XPath Injection Author: ADEO...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2010/08/11 12:0 a.m.15 views

Apache JackRabbit 2.0.0 - webapp XPath Injection

Apache JackRabbit 2.0.0 - webapp XPath Injection Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2010/08/11 12:0 a.m.23 views

Apache JackRabbit 2.0.0 - webapp XPath Injection

Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...

7.4AI score
Exploits0
OSV
OSV
added 2010/05/27 10:30 p.m.1 views

DEBIAN-CVE-2010-2092

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rraid parameter in a GET request in conjunction with a valid rraid value in a POST request or a cookie, which causes the POST or cookie value to bypass the...

7.5CVSS8.6AI score0.0137EPSS
Exploits1References1
Prion
Prion
added 2010/02/22 9:30 p.m.16 views

Sql injection

SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter...

7.5CVSS9.2AI score0.00973EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2010/02/19 12:0 a.m.26 views

SphereCMS 1.1 Alpha Blind SQL Injection

www.BugReport.ir AmnPardaz Security Research Team Title: SphereCMS Blind SQL Injection Vulnerability Vendor: http://sphere.xlentprojects.se/ Vulnerable Version: 1.1 alpha Latest version till now Exploitation: Remote with browser Fix: N/A - Description: SphereCMS is a CMS which allow managing foru...

0.1AI score
Exploits0
0day.today
0day.today
added 2009/12/04 12:0 a.m.24 views

Joomla yt_color YOOOtheme XSS and Cookie Stealing

Exploit for unknown platform in category web applications ================================================= Joomla ytcolor YOOOtheme XSS and Cookie Stealing ================================================= The GET variable ytcolor can be set to any script Example 1:...

7.1AI score
Exploits0
Rows per page
Query Builder