Lucene search
K

7211 matches found

Cvelist
Cvelist
added 2005/10/29 7:0 p.m.23 views

CVE-2005-3365

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via 1 the name parameter in register.php, 2 the email parameter in lostpassword.php, 3 the year parameter in calendar.php, and the 4...

8.1AI score0.03167EPSS
Exploits1References12
CVE
CVE
added 2005/10/29 7:0 p.m.50 views

CVE-2005-3366

The CVE-2005-3366 issue affects PHP iCalendar (PHP iCalendar 2.0a2–2.0.1). The vulnerability is a PHP file inclusion flaw in index.php that uses the phpicalendar cookie to include files, allowing remote code execution and arbitrary local file inclusion. The issue is not XSS per the report. Impact...

6.8CVSS6.2AI score0.0237EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2005/10/27 4:0 a.m.52 views

CVE-2005-3334

CVE-2005-3334 concerns Flyspray, a lightweight bug-tracking web app. The vulnerability affects Flyspray 0.9.7 through 0.9.8 (devel) and is a cross-site scripting (XSS) flaw in the index.php page. An attacker can inject arbitrary web script or HTML via multiple parameters (PHPSESSID, task, string,...

4.3CVSS5.5AI score0.04638EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2005/10/25 4:0 a.m.41 views

CVE-2005-3306

CVE-2005-3306 describes an XSS vulnerability in index.php of FlatNuke 2.5.6, exploitable via the user parameter in a profile operation to inject arbitrary script/HTML. The vulnerability is specifically a cross-site scripting issue and is stated as a separate/vector from CVE-2005-2814, with a note...

4.3CVSS5.4AI score0.01242EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.19 views

CVE-2005-3308

Multiple cross-site scripting XSS vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 comment parameter in detail.php, 3 the username parameter in get.php, and 4 the search parameter in index.php...

5.8AI score0.02143EPSS
Exploits1References8
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.24 views

CVE-2004-2511

Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the year, 2 month, and 3 day parameters in calendar.php; 4 the cid and 5 url parameters in index.php; 6 the cid parameter in annoucement.php; 7 the...

5.7AI score0.05324EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2005/10/25 12:0 a.m.12 views

FlatNuke < 2.5.7 index.php Traversal File Inclusion

Binary data 3265.prm...

10CVSS7.3AI score0.0833EPSS
Exploits4References4
Cvelist
Cvelist
added 2005/09/27 4:0 a.m.19 views

CVE-2005-3083

Cross-site scripting XSS vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter...

5.7AI score0.01385EPSS
Exploits1References2
CVE
CVE
added 2005/09/27 4:0 a.m.47 views

CVE-2005-3083

CMS Made Simple 0.10 contains a cross-site scripting (XSS) vulnerability in index.php via the page parameter. Root cause is improper handling of the page parameter leading to script/HTML injection; impact implied is partial integrity compromise. CVSS 2.0 base score: 4.3 (Medium); vector: AV:N/AC:...

4.3CVSS6AI score0.01385EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2005/09/21 10:3 p.m.19 views

CVE-2005-3020

Multiple cross-site scripting XSS vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the 1 group parameter to css.php, 2 redirect parameter to index.php, 3 email parameter to user.php, 4 goto parameter to language.php, 5 orderby parameter t...

4.3CVSS5.8AI score0.01826EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/09/21 4:0 a.m.21 views

CVE-2005-3004

SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote attackers to execute arbitrary SQL commands via the 1 idp, 2 idctg, or 3 idprd parameters to the pages module in index.php...

8.4AI score0.0112EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/09/21 4:0 a.m.21 views

CVE-2005-3009

Cross-site scripting XSS vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php...

5.7AI score0.01164EPSS
Exploits0References3
CVE
CVE
added 2005/09/21 4:0 a.m.43 views

CVE-2005-3003

The CVE-2005-3003 entry concerns NooTopList 1.0.0 release 17, specifically in index.php. The vulnerability is a SQL injection in the application’s handling of the (1) o and (2) sort parameters, enabling remote attackers to execute arbitrary SQL commands. The NVD metrics indicate a high base sever...

7.5CVSS8.8AI score0.0121EPSS
Exploits1References2
NVD
NVD
added 2005/09/20 12:3 a.m.15 views

CVE-2005-2979

SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter...

7.5CVSS8.4AI score0.01162EPSS
Exploits1References5
NVD
NVD
added 2005/09/20 12:3 a.m.22 views

CVE-2005-2980

Cross-site scripting XSS vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter...

4.3CVSS5.7AI score0.01752EPSS
Exploits1References5
CVE
CVE
added 2005/09/19 4:0 a.m.49 views

CVE-2005-2980

The CVE-2005-2980 issue is an XSS vulnerability in Noah’s Classifieds v1.3, specifically in index.php where the rollid parameter can be exploited to inject arbitrary web script/HTML. The connected PT-2005-3817 entry confirms the vulnerable software and parameters, and notes that remote attackers ...

4.3CVSS6AI score0.01752EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2005/09/19 4:0 a.m.58 views

CVE-2005-2979

CVE-2005-2979 describes a SQL injection in Noah’s classifieds (index.php) by manipulating the rollid parameter. Public documents identify Noah’s classifieds as the affected software and point to an underlying input handling flaw in index.php, enabling remote SQL command execution. The NVD entry l...

7.5CVSS8.8AI score0.01162EPSS
Exploits1References5Affected Software1
exploitpack
exploitpack
added 2005/09/14 12:0 a.m.10 views

Noahs Classifieds 1.21.3 - index.php SQL Injection

Noahs Classifieds 1.21.3 - index.php SQL Injection source: https://www.securityfocus.com/bid/14833/info Noah's Classifieds is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could...

0.5AI score
Exploits0
NVD
NVD
added 2005/09/07 6:3 p.m.14 views

CVE-2005-2814

Cross-site scripting XSS vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a visreg operation to index.php...

4.3CVSS5.6AI score0.01728EPSS
Exploits1References4
Cvelist
Cvelist
added 2005/09/07 4:0 a.m.19 views

CVE-2005-2818

Cross-site scripting XSS vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to 1 email.php,2 index.php, 3 del.php, or 4 addform.php...

5.7AI score0.01177EPSS
Exploits0References4
Rows per page
Query Builder