CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

exploitpack•added 2007/02/14 12:0 a.m.•11 views

Jupiter CMS 1.1.5 - Client-IP SQL Injection

Jupiter CMS 1.1.5 - Client-IP SQL Injection URL: http://www.acid-root.new.fr/advisories/12070214.txt / errorreportingEALL ^ ENOTICE; $url = 'http://localhost/jupiter/'; $xpl = new phpsploit; $xpl-agent"Mozilla"; $hev = "-1' UNION SELECT CONCAT'" ."BEGINXPLUSER'," ."SELECT username FROM users LIMI...

0.1AI score

NVD•added 2007/02/09 1:28 a.m.•20 views

CVE-2006-6986

Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which...

7.8CVSS5.9AI score0.00522EPSS

NVD•added 2007/02/09 1:28 a.m.•19 views

CVE-2006-6990

Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

7.8CVSS5.9AI score0.00461EPSS

Cvelist•added 2007/02/09 1:0 a.m.•23 views

CVE-2006-6989

Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the...

5.9AI score0.00522EPSS

CVE•added 2007/02/09 1:0 a.m.•41 views

CVE-2006-6983

CVE-2006-6983 documents a cross-domain information disclosure in MYweb4net Browser 3.8.8.0. The vulnerability arises from an object tag with a data parameter referencing a link that points to a Location header on the attacker's site, allowing the target content to be exposed via the outerHTML att...

5CVSS5.9AI score0.00306EPSS

Exploits0References1Affected Software1

Cvelist•added 2007/02/09 1:0 a.m.•23 views

CVE-2006-6991

Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

5.9AI score0.00461EPSS

Prion•added 2007/02/07 11:28 a.m.•19 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page...

4.3CVSS6.2AI score0.04251EPSS

Exploits0References7Affected Software1

Prion•added 2007/02/06 2:28 a.m.•11 views

Design/Logic Flaw

EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer...

7.5CVSS7AI score0.06544EPSS

Exploits1References5Affected Software1

securityvulns•added 2007/01/25 12:0 a.m.•96 views

[SA23913] CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection

TITLE: CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection SECUNIA ADVISORY ID: SA23913 VERIFY ADVISORY: http://secunia.com/advisories/23913/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: WebFORM 4.x http://secunia.com/product/10398/ DESCRIPTION:...

0.8AI score

Japan Vulnerability Notes•added 2007/01/25 12:0 a.m.•21 views

JVN#05088443 CGI RESCUE WebFORM vulnerable to HTTP header injection

Impact Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. Solution Products Affected WebFORM 4.3 and earlier According to the vendor's website, "Web Mailer" released from CGI RESCUE also contains a similar vulnerability...

6.9AI score

NVD•added 2006/12/21 7:28 p.m.•9 views

CVE-2006-6684

Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained...

7.5CVSS8.1AI score0.0192EPSS

Cvelist•added 2006/12/21 7:0 p.m.•15 views

CVE-2006-6684

8.1AI score0.0192EPSS

CVE•added 2006/12/21 7:0 p.m.•45 views

CVE-2006-6679

The issue affects chetcpasswd prior to version 2.4, where ACL checks rely on the X-Forwarded-For header. This header spoofing allows remote attackers to gain unauthorized access. Root cause: authentication/authorization logic trusts X-Forwarded-For for client status in IP ACLs. Documented impact:...

7.5CVSS7.2AI score0.01612EPSS

Exploits0References7Affected Software1

Tenable Nessus•added 2006/12/15 12:0 a.m.•32 views

Flash Player HTTP Header CRLF Injection (APSB06-18)

According to its version number, the instance of Flash Player on the remote Windows host contains two ways for a remote attacker to perform arbitrary HTTP requests while controlling most of the HTTP headers. A remote attacker may be able to leverage these issues to conduct cross-site request...

5CVSS5.5AI score0.1744EPSS

securityvulns•added 2006/11/14 12:0 a.m.•65 views

[SA22864] Netquery "User-Agent" HTTP Header Script Insertion

TITLE: Netquery "User-Agent" HTTP Header Script Insertion SECUNIA ADVISORY ID: SA22864 VERIFY ADVISORY: http://secunia.com/advisories/22864/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Netquery 4.x http://secunia.com/product/12587/ DESCRIPTION: Tal Argoni has...

0.4AI score