Lucene search
K

639 matches found

exploitpack
exploitpack
added 2009/07/20 12:0 a.m.13 views

PHP Scripts Now (Multiple Products) - bios.php?rank Cross-Site Scripting

PHP Scripts Now Multiple Products - bios.php?rank Cross-Site Scripting source: https://www.securityfocus.com/bid/44306/info Multiple PHP Scripts Now products are prone to an input-validation vulnerability that can be exploited to conduct SQL-injection and cross-site scripting attacks. Exploiting...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2009/05/05 12:0 a.m.32 views

IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation

source: https://www.securityfocus.com/bid/34827/info IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function. Attackers can exploit this issue via social-engineering techniques to obtain valid users'...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2009/02/18 12:0 a.m.31 views

GraphicsMagick Multiple Vulnerabilities - Linux

GraphicsMagick graphics tool is prone to multiple buffer overflow/underflow vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10CVSS7.7AI score0.06654EPSS
Exploits0References8
Core Security
Core Security
added 2008/08/04 12:0 a.m.40 views

Sun xVM VirtualBox Privilege Escalation Vulnerability

1. Advisory Information Title: Sun xVM VirtualBox Privilege Escalation Vulnerability Advisory ID: CORE-2008-0716 Advisory URL:http://www.coresecurity.com/core-labs/advisories/virtualbox-privilege-escalation-vulnerability Date published: 2008-08-04 Date of last update: 2008-08-04 Vendors contacted...

8.8CVSS7.6AI score0.06932EPSS
Exploits8
Exploit DB
Exploit DB
added 2008/02/21 12:0 a.m.27 views

Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - 'GradebookStuScores.asp?GrdBk' SQL Injection

source: https://www.securityfocus.com/bid/27924/info Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...

7.4AI score
Exploits0
CVE
CVE
added 2008/02/12 10:0 p.m.63 views

CVE-2007-0216

CVE-2007-0216 is a remote code execution vulnerability in the Microsoft Works File Converter. It stems from improper validation of .wps section length headers in wkcvqd01.dll. A crafted .wps file could allow an attacker to take control of the affected system. Affected products include Microsoft O...

9.3CVSS7.4AI score0.38144EPSS
Exploits0References9Affected Software2
exploitpack
exploitpack
added 2008/01/09 12:0 a.m.19 views

Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities

Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site...

0.4AI score
Exploits0
Saint
Saint
added 2008/01/07 12:0 a.m.58 views

Adobe Flash Player ActionScript launch command execution

Added: 01/07/2008 CVE: CVE-2008-5499 BID: 32896 OSVDB: 50796 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell...

9.3CVSS6.4AI score0.79426EPSS
Exploits11
securityvulns
securityvulns
added 2007/08/07 12:0 a.m.110 views

TS-2007-002-0: BlueCat Networks Adonis root Privilege Access

Template Security Security Advisory ----------------------------------- BlueCat Networks Adonis root Privilege Access Date: 2007-08-06 Advisory ID: TS-2007-002-0 Vendor: BlueCat Networks, http://www.bluecatnetworks.com/ Revision: 0 Contents -------- Summary Software Version Details Impact Exploit...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2007/07/17 12:0 a.m.20 views

Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Exploiting these issue...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/05/15 12:0 a.m.35 views

Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation

source: https://www.securityfocus.com/bid/23989/info Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to send spam email in the context of the application. Jetbox 2.1 is vulnerable; other versio...

7.4AI score
Exploits0
myhack58
myhack58
added 2007/04/16 12:0 a.m.31 views

The United States Blizzard[World Of Warcraft] official program vulnerability-vulnerability warning-the black bar safety net

Battle.net clan management system using a MySQL backend, allowing users to easily upgrade and maintain the web site. System to achieve on exist input validation vulnerability, a remote attacker could use this vulnerability to executeSQL injectionattacks, unauthorized access to system administrati...

1.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/11/06 12:0 a.m.20 views

AIOCP 1.3.x - 'cp_show_ec_products.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/10/25 12:0 a.m.23 views

Novell eDirectory/iMonitor HTTPSTK栈缓冲区溢出漏洞

Novell eDirectory是一个的跨平台的目录服务器。 Novell eDirectory在处理用户请求构造回应时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 Novell的HTTP协议栈(httpstk)没有检查客户端所提供的HTTP Host请求头(如Host: www.host.com)的值。当服务器在准备HTTP重新定向响应调用snprintf时可能会触发这个漏洞,导致以加载httpstk库进程的权限执行任意指令。C++伪代码如下: define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...

6.9AI score
Exploits0
Exploit DB
Exploit DB
added 2006/02/15 12:0 a.m.16 views

SAP Business Connector 4.6/4.7 - 'adapter-index.dsp?url' Arbitrary Site Redirect

source: https://www.securityfocus.com/bid/16671/info SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. This issue allows remote attackers to execute phishing-style attacks against...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/01/24 12:0 a.m.40 views

123 Flash Chat 5.0 - Remote Code Injection

123 Flash Chat 5.0 - Remote Code Injection source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attacke...

8.2AI score
Exploits0
exploitpack
exploitpack
added 2005/12/13 12:0 a.m.11 views

VCD-db 0.9x - search.php?by SQL Injection

VCD-db 0.9x - search.php?by SQL Injection source: https://www.securityfocus.com/bid/15840/info VCD-db is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these...

8.6AI score
Exploits0
exploitpack
exploitpack
added 2005/11/15 12:0 a.m.24 views

Walla TeleSite 3.0 - ts.exe?sug SQL Injection

Walla TeleSite 3.0 - ts.exe?sug SQL Injection source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosur...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.15 views

AWStats configdir parameter arbitrary cmd exec

The remote host is running AWStats, a free real-time logfile analyzer. The remote version of this software is prone to an input validation vulnerability. The issue is reported to exist because user supplied OpenVAS Vulnerability Test $Id: awstatsconfigdir.nasl 6056 2017-05-02 09:02:50Z teissa $...

0.3AI score
Exploits0
FreeBSD
FreeBSD
added 2005/08/09 12:0 a.m.55 views

awstats -- arbitrary code execution vulnerability

An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part ...

5CVSS7AI score0.02665EPSS
Exploits0References2
Rows per page
Query Builder