Lucene search

4502 matches found

securityvulns
added 2007/02/20 12:0 a.m. | 52 views

ESupport Multiple HTML Injection Vulnerabilities

ESupport Multiple HTML Injection Vulnerabilities Kayako SupportSuite offers true integrated Multi-Channel solution allowing you to manage your emails, online issues, chats, self service and issues received by phone. The entire system has been designed to improve productivity and provide seamless...

AI score: 0.7 | Exploits: 0

securityvulns
added 2007/02/13 12:0 a.m. | 70 views

Jportal 2.3.1 CSRF vulnerability

Type: CSRF Attack / Input Validation Error Remote: Yes Version: 2.3.1 very possible, that older versions are vulnerable too Problem is in admin/admin.adm.php: function addadmin global $name, $mail, $nick, $action, $usertbl, $access; global $nick, $PHPSELF, $pass, $pass, $acce, $op, $goto;...

AI score: 0.3 | Exploits: 0

securityvulns
added 2007/02/07 12:0 a.m. | 56 views

VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability

VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability to have arbitrary script code execute in the...

AI score: 0.9 | Exploits: 0

securityvulns
added 2007/01/28 12:0 a.m. | 40 views

PHP Membership Manager Cross-Site Scripting Vulnerability

PHP Membership Manager Cross-Site Scripting Vulnerability PHP Membership Manager is a browser based tool which allows a site owner to easily manage an unlimited number of username / password accounts and groups which access secure, protected areas of a web site which require logging in before...

AI score: 1.5 | Exploits: 0

Packet Storm
added 2007/01/24 12:0 a.m. | 28 views

paypal-inject.txt

Paypal Subscription Manager allows webmaster easily create subscription web site, visitors can access to digital product instantly after paying through Paypal, PSM provides ability to effortlessly process subscription and protect membership areas. PSM uses PHP and MySQL for fast, efficient,...

AI score: 7.4 | Exploits: 0

securityvulns
added 2007/01/20 12:0 a.m. | 55 views

Paypal Subscription Manager Multiple HTML Injections

Paypal Subscription Manager allows webmaster easily create subscription web site, visitors can access to digital product instantly after paying through Paypal, PSM provides ability to effortlessly process subscription and protect membership areas. PSM uses PHP and MySQL for fast, efficient,...

AI score: 1.2 | Exploits: 0

securityvulns
added 2007/01/05 12:0 a.m. | 38 views

[SA23608] OpenBSD "vga" Privilege Escalation Vulnerability

TITLE: OpenBSD "vga" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA23608 VERIFY ADVISORY: http://secunia.com/advisories/23608/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: OpenBSD 4.0 http://secunia.com/product/12486/ OpenBSD 3.x...

AI score: 1.2 | Exploits: 0

Debian
added 2006/12/01 4:26 p.m. | 30 views

[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite

------------------------------------------------------------------------ Debian Security Advisory DSA-1223-1 [email protected] http://www.debian.org/security/ Noah Meyerhans December 01, 2006 - ------------------------------------------------------------------------ Package : tar Vulnerability...

CVSS: 4 | AI score: 7.9 | EPSS: 0.1075 | Exploits: 1

securityvulns
added 2006/11/28 12:0 a.m. | 48 views

[Full-disclosure] REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability

Description: REMLAB http://remlab.sourceforge.net/ is a fully functional cross-platform web-based Battlemech designer for the tactical board game Battletech http://www.classicbattletech.com/ . REMLAB is built entirely on HTML, PHP, and JavaScript with AJAX functionality. The vulnerability exists i...

CVSS: 5 | AI score: 5.9 | EPSS: 0.01566 | Exploits: 1

securityvulns
added 2006/11/16 12:0 a.m. | 41 views

[NT] Selenium FTP Server Directory Traversal

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

AI score: 7.2 | Exploits: 0

securityvulns
added 2006/11/14 12:0 a.m. | 44 views

iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability

Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability iDefense Security Advisory 11.08.06 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 08, 2006 I. BACKGROUND Citrix Presentation Server is a product designed to allow remote access to applications over a...

AI score: 0.1 | Exploits: 0

securityvulns
added 2006/11/08 12:0 a.m. | 46 views

DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php

DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Description: The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability exists in list.php script which allows remote attackers to obtain sensitive information via an HTTP request to list.php that contains wrong...

CVSS: 5 | AI score: 6.3 | EPSS: 0.01635 | Exploits: 1

securityvulns
added 2006/11/07 12:0 a.m. | 55 views

[Full-disclosure] DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php

DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Description: The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability exists in list.php script which allows remote attackers to obtain sensitive information via an HTTP request to list.php that contains wrong...

CVSS: 5 | AI score: 6.3 | EPSS: 0.01635 | Exploits: 1

securityvulns
added 2006/09/28 12:0 a.m. | 78 views

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities

VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities Status: Reported to the Vendor 09/26/2006 Class: Input Validation Error Severity: Low Software Description: VirtueMart formerly known as mambo-phpShop is an Open Source E-Commerce solution to be used together with a Content...

AI score: 1.7 | Exploits: 0

Exploit DB
added 2006/09/13 12:0 a.m. | 34 views

Newsscript 0.5 - Local/Remote File Inclusion

Product : Newsscript Homepage : http://www.webmaster-journal.com Version : 0.5 Date : 12-09-2006 Vulnerability : Remote & local File Inclusion Risk : High --------------------------------------------------------------------------------------------------------- Description : Newsscript is a PHP...

AI score: 7.4 | Exploits: 0

0day.today
added 2006/09/13 12:0 a.m. | 18 views

Newsscript <= 0.5 Remote and Local File Include Vulnerability

Exploit for unknown platform in category web applications ============================================================= Newsscript 2 3 27 include$filename; The second flaw is due to an input validation error in the "article.php" script that does not validate the "ide" parameter, which could be...

AI score: 7.1 | Exploits: 0

securityvulns
added 2006/07/14 12:0 a.m. | 34 views

[SA21037] McAfee ePolicy Orchestrator Directory Traversal Vulnerability

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

AI score: 0.9 | Exploits: 0

securityvulns
added 2006/07/09 12:0 a.m. | 31 views

[KAPDA::#46] - AjaxPortal Authentication Bypass

KAPDA New advisory Vendor: http://myiosoft.com Vulnerable: AjaxPortal v. 3.0 Bug: Sql Injection Authentication Bypass Exploitation: Remote with browser Description: -------------------- AjaxPortal is based on Sajax technology - an open source tool to make programming websites using the Ajax...

AI score: 7.6 | Exploits: 0

securityvulns
added 2006/06/10 12:0 a.m. | 42 views

CORE-2006-0330: Asterisk PBX truncated video frame vulnerability

Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Asterisk PBX truncated video miniframe vulnerability Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0330 Bugtraq ID: 18295 CVE Name: CVE-2006-2898 Title: Asterisk PBX truncated video...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.04214 | Exploits: 0

securityvulns
added 2006/06/10 12:0 a.m. | 35 views

CORE-2006-0327: IAXclient truncated frames vulnerabilities

Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ IAXclient truncated frames vulnerabilities Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0327 Bugtraq ID: 18307 CVE Name: N/A Title: IAXclient truncated frames vulnerabilities Class:...

AI score: 0.1 | Exploits: 0