Lucene search
+L

2933 matches found

nvd
nvd
added 2006/06/02 1:2 a.m.19 views

CVE-2006-2755

Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...

4.3CVSS5.7AI score0.02298EPSS
Exploits1References6
prion
prion
added 2006/06/02 1:2 a.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...

4.3CVSS6AI score0.02298EPSS
Exploits1References6Affected Software1
cvelist
cvelist
added 2006/06/02 1:0 a.m.23 views

CVE-2006-2755

Cross-site scripting XSS vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords...

5.7AI score0.02298EPSS
Exploits1References6
securityvulns
securityvulns
added 2006/06/02 12:0 a.m.26995 views

уязвимость в Sad Raven's guestbook

доброе время суток. Недавно я нашел уязвимость в Sad Raven's guestbook версии 1.1, которая позволяет любому пользователю получить доступ в админ-центр. Заранее прошу извинить, если эту уязвимость уже кто-то нашел, но я не нашел нигде о ней никакого упоминания. Все говорят только о том, что пароли...

1AI score
Exploits0
packetstorm
packetstorm
added 2006/04/28 12:0 a.m.29 views

confixx_exploit.pl.txt

sry - i know this isn't a cvs repository here - but the code posted yesterday was written after some 'b33r' an i made it looking a little less drunk this morning. bye defa ----BOF---- !/usr/bin/perl exploit for confixx professional = 3.1.2 the vulerability was discovered by: LoK Crew references:...

7.4AI score
Exploits0
nvd
nvd
added 2006/03/28 11:6 a.m.15 views

CVE-2006-1412

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...

5CVSS6.4AI score0.03546EPSS
Exploits0References7
prion
prion
added 2006/03/28 11:6 a.m.17 views

Improper access control

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...

5CVSS6.7AI score0.03546EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2006/03/28 11:0 a.m.20 views

CVE-2006-1412

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...

6.4AI score0.03546EPSS
Exploits0References7
euvd
euvd
added 2006/03/28 11:0 a.m.4 views

EUVD-2006-1416

TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd...

5CVSS6.3AI score0.03546EPSS
Exploits0References7
zdt
zdt
added 2006/03/18 12:0 a.m.67 views

Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ======================================================== Nodez = 4.6.1.1 Mercury Multiple Remote Vulnerabilities ======================================================== !/usr/bin/php -q -d shortopentag=on ? echo "Nodez 4.6.1.1 Mercury...

7.1AI score
Exploits0
seebug
seebug
added 2006/03/18 12:0 a.m.30 views

Nodez &lt;= 4.6.1.1 Mercury Multiple Remote Vulnerabilities

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / software: site: nodez.greentinted.com/...

7.1AI score
Exploits0
prion
prion
added 2006/03/14 1:6 a.m.12 views

Improper access control

PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/USERNAME file...

5CVSS7.4AI score0.03315EPSS
Exploits1References7Affected Software1
nvd
nvd
added 2006/03/14 1:6 a.m.12 views

CVE-2006-1209

PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/USERNAME file...

5CVSS6.9AI score0.03315EPSS
Exploits1References7
nvd
nvd
added 2006/03/14 1:6 a.m.17 views

CVE-2006-1207

PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...

5CVSS6.9AI score0.01512EPSS
Exploits1References5
cvelist
cvelist
added 2006/03/14 1:0 a.m.21 views

CVE-2006-1207

PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/USERNAME file...

6.9AI score0.01512EPSS
Exploits1References5
cvelist
cvelist
added 2006/03/14 1:0 a.m.17 views

CVE-2006-1209

PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/USERNAME file...

6.9AI score0.03315EPSS
Exploits1References7
cve
cve
added 2006/03/14 1:0 a.m.52 views

CVE-2006-1209

The CVE concerns PHP Advanced Transfer Manager (versions 1.00–1.30). The root cause is insufficient access control that stores sensitive data (including password hashes) under the web root. This enables remote attackers to retrieve password hashes by directly requesting a users/[USERNAME] file. C...

5CVSS6.9AI score0.03315EPSS
Exploits1References7Affected Software1
cve
cve
added 2006/03/14 1:0 a.m.38 views

CVE-2006-1207

The CVE-2006-1207 issue affects PHP Upload Center. The vulnerability arises because password hashes are stored under the web root with insufficient access control, allowing remote attackers to download each password hash via a direct request to upload/users/[USERNAME]. The available documents des...

5CVSS7AI score0.01512EPSS
Exploits1References5Affected Software1
ptsecurity
ptsecurity
added 2006/03/14 12:0 a.m.5 views

PT-2006-2223 · Php · Php Upload Center

Name of the Vulnerable Software and Affected Versions: PHP Upload Center affected versions not specified Description: The issue allows remote attackers to download password hashes due to insufficient access control. Specifically, password hashes are stored under the web root, making them accessib...

5CVSS6.3AI score0.01512EPSS
Exploits1References6
nvd
nvd
added 2006/03/12 9:2 p.m.11 views

CVE-2006-1164

Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat...

7.5CVSS6.7AI score0.02657EPSS
Exploits1References3
Rows per page
Query Builder