
722 matches found

Packet Storm
added 2007/06/11 12:0 a.m. · 22 views

mybloggie-rfi.txt

myBloggie 2.1.5 RFI Author: Yaser Homepage: http://www.ayyildiz.org Download S : http://mywebland.com/download.php?id=19 Exploits: http://site/config.php?bloggierootpath=evilcode? http://site/includes/db.php?bloggierootpath=evilcode? http://site/includes/template.php?bloggierootpath=evilcode?...

7.4 AI score
Exploits: 0
Prion
added 2007/05/30 10:30 a.m. · 10 views

Sql injection

SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the postid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

7.5 CVSS · 8.8 AI score · 0.01368 EPSS
Exploits: 1 · References: 6 · Affected Software: 1
CVE
added 2007/05/30 10:0 a.m. · 51 views

CVE-2007-2905

CVE-2007-2905 is a reported SQL injection vulnerability in the 2z Project 0.9.5, affecting the includes/rating.php component. The vulnerability allows remote attackers to execute arbitrary SQL commands via the post_id parameter. Multiple connected sources corroborate this flaw. The documents do n...

7.5 CVSS · 8.1 AI score · 0.01368 EPSS
Exploits: 1 · References: 6 · Affected Software: 1
NVD
added 2007/05/30 1:30 a.m. · 13 views

CVE-2007-2891

Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bankdataroot parameter to modules/bank/includes/design/main.inc.php, or the (2) fmdataroot parameter to (a) includes/config/master.inc.php or (b)...

7.5 CVSS · 7.6 AI score · 0.08034 EPSS
Exploits: 1 · References: 7
Prion
added 2007/05/30 1:30 a.m. · 14 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bankdataroot parameter to modules/bank/includes/design/main.inc.php, or the (2) fmdataroot parameter to (a) includes/config/master.inc.php or (b)...

7.5 CVSS · 8.2 AI score · 0.08034 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
Prion
added 2007/05/14 11:19 p.m. · 14 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter, possibly related to the autoload function...

7.5 CVSS · 8.2 AI score · 0.02801 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
CVE
added 2007/05/04 1:0 a.m. · 55 views

CVE-2007-2507

CVE-2007-2507 describes a directory traversal vulnerability in the Treble Designs 1024 CMS 0.7. The flaw exists in includes/download.php and allows remote attackers to read arbitrary files by providing a ../ sequence in the item parameter. The issue affects Treble Designs 1024 CMS 0.7 and enables...

7.8 CVSS · 6.7 AI score · 0.03476 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
Packet Storm
added 2007/05/04 12:0 a.m. · 24 views

phpchess-rfi.txt

phpChess Community Edition 2.0 Multiple Remote File Inclusion Vulnerabilities D.Script: http://www.phpchess.net/index-3.html Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:Path/skins/phpchess/layoutadmincfg.php?RootPath=Shell...

7.4 AI score
Exploits: 0
Prion
added 2007/04/19 10:19 a.m. · 34 views

Remote file inclusion

PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack comjpack 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

6.8 CVSS · 7.8 AI score · 0.04837 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Positive Technologies
added 2007/04/18 12:0 a.m. · 4 views

PT-2007-3439 · Openconcept · Openconcept Back-End Cms

Name of the Vulnerable Software and Affected Versions: OpenConcept Back-End CMS version 0.4.7 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the includes path parameter to various PHP files, including "click.php" and "pollcollector.php" in the htdocs...

7.5 CVSS · 8 AI score · 0.01548 EPSS
Exploits: 0 · References: 7
exploitpack
added 2007/04/17 12:0 a.m. · 13 views

AjPortal2Php - PagePrefix Remote File Inclusion

AjPortal2Php - PagePrefix Remote File Inclusion AjPortal2Php Class: File Include Vulnerability Remote: Yes Site: http://www.ajlopez.com/downloads/AjPortal2Php.zip Author: Alkomandoz Hacker Contact: [email protected] file ; begin.inc.php connection.inc.php events.inc.php footer.inc.php...

0.2 AI score
Exploits: 0
CVE
added 2007/04/09 8:0 p.m. · 71 views

CVE-2007-1894

CVE-2007-1894 describes an XSS in WordPress via the year parameter in wp_title, in the file wp-includes/general-template.php, before 20070309. The linked Debian advisory confirms fixes in WordPress versions 2.0.10-1 and 2.1.3-1 (DSA-1285-1). Other references (NVD OSV, OSV-DEBIAN) corroborate the ...

4.3 CVSS · 5.5 AI score · 0.03018 EPSS
Exploits: 0 · References: 9 · Affected Software: 1
CERT
added 2007/03/05 12:0 a.m. · 33 views

WordPress fails to properly sanitize input passed to the iz parameter in wp-includes/theme.php

Overview WordPress fails to properly sanitize input to the iz parameter in wp-includes/theme.php, which could allow a remote, unauthenticated attacker to execute arbitrary commands. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...

7.5 CVSS · 6.6 AI score · 0.27006 EPSS
Exploits: 2 · References: 4
Debian CVE
added 2007/03/02 10:0 p.m. · 21 views

CVE-2007-1230

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049...

5.8 CVSS · 3.8 AI score · 0.02053 EPSS
Exploits: 0
Prion
added 2007/03/02 9:18 p.m. · 13 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimgbasepath parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) dbutils.php, (6) images.php, (7) utils.php, or ...

7.5 CVSS · 8.1 AI score · 0.09234 EPSS
Exploits: 1 · References: 14 · Affected Software: 1
Tenable Nessus
added 2007/03/02 12:0 a.m. · 34 views

WordPress < 2.1.1 Multiple Script Backdoors

The version of WordPress installed on the remote host appears to include a backdoor that allows an unauthenticated, remote attacker to execute arbitrary code on the remote host, subject to the permissions of the web server user id. %NASLMINLEVEL 70300 Tenable Network Security, Inc...

7.5 CVSS · 6 AI score · 0.27006 EPSS
Exploits: 2 · References: 4
securityvulns
added 2007/02/23 12:0 a.m. · 41 views

DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities

DBGuestBook 1.1 Found by Denven Script: http://www.dbscripts.net/download/?file=2 ERROR: includes/utils.php requireonce $dbsbasepath includes/guestbook.php requireonce $dbsbasepath includes/views.php requireonce $dbsbasepath RFI: http://SITE.com/path/includes/utils.php?dbsbasepath=SHELL...

0.2 AI score
Exploits: 0
Cvelist
added 2007/02/22 12:0 a.m. · 17 views

CVE-2007-1060

Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when registerglobals and allowfopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) sendemails.inc.php in...

7.6 AI score · 0.07818 EPSS
Exploits: 0 · References: 10
0day.today
added 2007/02/21 12:0 a.m. · 41 views

DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities

Exploit for unknown platform in category web applications. DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities. DBImageGallery 1.2.2 Found by Denven ERROR:...

7.1 AI score
Exploits: 0
0day.today
added 2007/02/15 12:0 a.m. · 37 views

ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications. ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities. Discovered By:- ThE email protected aggregator.php:-...

7.1 AI score
Exploits: 0