Lucene search
K

754 matches found

securityvulns
securityvulns
added 2005/03/19 12:0 a.m.28 views

possible SQL injection in Subdreamer

//==========================================// GHC - Subdreamer - ADVISORY // Product: Subdreamer Version: Subdreamer Light // URL: www.subdreamer.com VULNERABILITY CLASS: SQL injection //==========================================// Product Description "Powered by PHP and MySQL, Subdreamer provid...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2005/03/12 12:0 a.m.30 views

phpfusionXSS.txt

I found an exploit in the current version of php-fusion which allows you to input XSS in the IMG tag. I reported it already to php-fusion and they created a fix for this. Here it goes: By converting the text ie. javascript:alert'test' to their ascii values, the strings between the img/img tags...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/03/01 12:0 a.m.9 views

PBLang Bulletin Board System 4.x - SendPM.php Directory Traversal

PBLang Bulletin Board System 4.x - SendPM.php Directory Traversal source: https://www.securityfocus.com/bid/12690/info PBLang is reported prone to a directory traversal vulnerability. It is reported that the issue exists due to a lack of sufficient sanitization performed on user-supplied input. A...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/22 12:0 a.m.50 views

BizMail bizmail.cgi Arbitrary Mail Relay

The remote web server is hosting the CGI bizmail.cgi, a CGI script for sending the content of web forms to email addresses. The remote version of this software fails to sanitize the 'email' parameter to the 'bizmail.cgi' script of CRLF sequences. An unauthenticated, remote attacker may be able to...

5CVSS5.5AI score0.0144EPSS
Exploits0References3
Debian
Debian
added 2005/01/10 11:7 a.m.26 views

[SECURITY] [DSA 631-1] New kdlibs packages fix arbitrary FTP command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 631-1 [email protected] http://www.debian.org/security/ Martin Schulze January 10th, 2005 http://www.debian.org/security/faq -...

7.5CVSS0.7AI score0.04437EPSS
Exploits0
Exploit DB
Exploit DB
added 2004/12/20 12:0 a.m.20 views

escripts software e_board 4.0 - Directory Traversal

source: https://www.securityfocus.com/bid/12048/info It is reported that eBoard is vulnerable to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input. By including '../' directory traversal sequences and a NULL %00 in the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/12/15 12:0 a.m.25 views

ABC2MIDI 2004-12-04 - Multiple Stack Buffer Overflow Vulnerabilities

source: https://www.securityfocus.com/bid/12019/info It is reported that abc2midi is susceptible to two stack buffer overflow vulnerabilities. These issues are due to a failure of the application to properly bounds check user-supplied image data prior to copying it into fixed-size memory buffers...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/12/02 12:0 a.m.120 views

Advanced Guestbook 2.2/2.3 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/11798/info It is reported that Advanced Guestbook is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/11/18 12:0 a.m.30 views

[Full-Disclosure] Click and Build eCommerce Platform Cross Site Scripting

ClickandBuild: http://apply.clickandbuild.com/ Online eCommerce platform. Vulnerability The vulnerability lies in the "listPos" variable in the script running at cashncarrion.co.uk. It does not properly secure user inputted variables, presumably as the user is not supposed to input the variable b...

0.4AI score
Exploits0
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.22 views

CVE-2002-1478

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...

7.3AI score0.02507EPSS
Exploits1References5
NVD
NVD
added 2004/08/20 4:0 a.m.15 views

CVE-2004-1728

Buffer overflow in British National Corpus SARA sarad allows remote attackers to execute arbitrary code by calling the client with a long string...

7.5CVSS7.9AI score0.05522EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2004/02/18 12:0 a.m.56 views

eCommerce Corporation Online Store Kit 3.0 - 'shop_by_brand.php?cat_manufacturer' SQL Injection

source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI. As a result of this a malicious user may influence database...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2004/01/02 12:0 a.m.23 views

Athena Web Registration - Remote Command Execution

source: https://www.securityfocus.com/bid/9349/info A problem has been reported in the handling of user-supplied input by the Athena Web Registration scripts. Because of this, it may be possible for an attacker to gain unauthorized access to a vulnerable system...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/11/02 12:0 a.m.19 views

MathoPD 1.x - Remote Buffer Overflow

MathoPD 1.x - Remote Buffer Overflow // source: https://www.securityfocus.com/bid/9871/info It has been reported that Mathopd is prone to a remote buffer overflow vulnerability. The issue arises due to a failure to check the bounds of a buffer storing user-supplied input. It may be possible for...

0.9AI score
Exploits0
exploitpack
exploitpack
added 2003/10/03 12:0 a.m.13 views

Divine Content Server 5.0 - Error Page Cross-Site Scripting

Divine Content Server 5.0 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/8763/info It has been reported that Divine Content Server is prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the...

Exploits0
OSV
OSV
added 2003/07/16 12:0 a.m.75 views

DSA-351 php4 - cross-site scripting

Bulletin has no description...

4.3CVSS6.2AI score0.06982EPSS
Exploits1
securityvulns
securityvulns
added 2003/05/09 12:0 a.m.63 views

ttcms and ttforum exploits

hope this is the right place to send this exploit info, I found three diffrent exploits for a forum software / cms software: ------------------------------------------------------------------------------------------------------------------------------------------------ Affected Product: ttCMS or...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2003/03/31 12:0 a.m.39 views

CGI-City's CCLOG Script Injection Vulns

CGI-City's CCGuestBook Script Injection Vulnerabilities Discovered By BrainRawt [email protected] About CCGuestBook: ------------------ CC Guestbook is a simple guestbook program that is very easy to configure and install. It features a notification facility which sends an email alert to the...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2003/01/08 5:0 a.m.24 views

CVE-2002-1399

Unknown vulnerability in cashout and possibly other functions in PostgreSQL 7.2.1 and earlier, and possibly later versions before 7.2.3, with unknown impact, based on an invalid integer input which is processed as a different data type, as demonstrated using cashout2...

6.7AI score0.01791EPSS
Exploits0References3
exploitpack
exploitpack
added 2002/11/25 12:0 a.m.12 views

phpBB 2.0.3 - Script Injection

phpBB 2.0.3 - Script Injection source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Scrip...

7.7AI score
Exploits0
Rows per page
Query Builder