Lucene search
K

153 matches found

Packet Storm
Packet Storm
added 2014/12/02 12:0 a.m.37 views

Wix.com Cross Site Scripting

57 million web pages are affected by a security problem in wix.com Proof of concept of a web page made in wix.com: http://www.itsec.cl/ to see the source code can observe the following: ... Find the SEO content of this site's homepage via http://www.itsec.cl/?escapedfragment= That is where search...

7.4AI score
Exploits0
OSV
OSV
added 2014/08/13 11:55 p.m.1 views

DEBIAN-CVE-2014-3512

Multiple buffer overflows in crypto/srp/srplib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an invalid SRP 1 g, 2 A, or 3 B parameter...

7.5CVSS7.7AI score0.7408EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Mambo Site Server 4.0.11 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6387/info A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script. Information...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/08/15 12:0 a.m.42 views

SuSE 10 Security Update : libvirt (ZYPP Patch Number 7613)

libvirtd could crash if bogus parameters where passed to the VirDomainGetVcpus call. CVE-2011-2511 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid55850;...

4CVSS7AI score0.03536EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2011/01/03 8:0 p.m.24 views

CVE-2010-4349

admin/upgradeunattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid dbtype parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP...

5CVSS5.9AI score0.08839EPSS
Exploits1References1
Prion
Prion
added 2010/07/22 5:40 a.m.16 views

Design/Logic Flaw

index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via 1 a viewadrates action with an invalid uid parameter, which reveals the installation path in an error message; or 2 an adminlogin action with a crafted uid parameter, which reveals the version number...

5CVSS6.6AI score0.01218EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2010/05/13 5:30 p.m.18 views

CVE-2010-1554

Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager OV NNM 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter...

10CVSS7.9AI score0.67786EPSS
Exploits13References5
Cvelist
Cvelist
added 2009/06/18 9:0 p.m.23 views

CVE-2009-2115

admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message...

5.8AI score0.01127EPSS
Exploits0References3
NVD
NVD
added 2009/06/17 5:30 p.m.21 views

CVE-2009-2107

Multiple cross-site scripting XSS vulnerabilities in index.php in Webmedia Explorer webmex 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the 1 search or 2 tag parameters; 3 arbitrary invalid parameter names that are not...

4.3CVSS5.7AI score0.01452EPSS
Exploits1References4
Prion
Prion
added 2009/06/17 5:30 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in Webmedia Explorer webmex 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the 1 search or 2 tag parameters; 3 arbitrary invalid parameter names that are not...

4.3CVSS6AI score0.01452EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2009/06/17 5:0 p.m.29 views

CVE-2009-2107

Multiple cross-site scripting XSS vulnerabilities in index.php in Webmedia Explorer webmex 5.09 and 5.10 allow remote attackers to inject arbitrary web script or HTML via event handlers such as onmouseover in the 1 search or 2 tag parameters; 3 arbitrary invalid parameter names that are not...

5.7AI score0.01452EPSS
Exploits1References4
Prion
Prion
added 2008/12/03 7:30 p.m.14 views

Code injection

Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function...

7.8CVSS7AI score0.0251EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2008/12/03 7:0 p.m.25 views

CVE-2008-5322

Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function...

6.4AI score0.0251EPSS
Exploits1References4
Prion
Prion
added 2008/10/14 9:11 p.m.24 views

Stack overflow

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information wa...

10CVSS7AI score0.56268EPSS
Exploits9References4Affected Software1
RedHat Linux
RedHat Linux
added 2008/06/30 3:33 p.m.7 views

tomcat examples XSS

Multiple cross-site scripting XSS vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 time parameter to cal2.jsp and 2 any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer...

4.3CVSS5.8AI score0.31601EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/02/14 11:0 p.m.16 views

CVE-2008-0784

graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid localgraphid parameter and other unspecified vectors...

5CVSS5.9AI score0.02216EPSS
Exploits1References1
Cvelist
Cvelist
added 2007/10/25 7:0 p.m.21 views

CVE-2003-1517

cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message...

6.6AI score0.01997EPSS
Exploits1References3
Prion
Prion
added 2007/09/27 7:17 p.m.23 views

Design/Logic Flaw

SimpNews 2.41.03 allows remote attackers to obtain sensitive information via 1 an invalid lang parameter to admin/index.php; or a direct request to 2 admin/dbginfos.php, 3 admin/heading.php, or 4 evsearch.php; which reveals the path in various error messages...

5CVSS6.7AI score0.01816EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2007/06/26 5:30 p.m.21 views

Design/Logic Flaw

Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via 1 an invalid month parameter to calendar.php, 2 an invalid catview parameter to calweek.php in a week operation, 3 an invalid ycyear parameter to yearcal.php, or 4 a direct request to calfunctions.inc.php, which...

5CVSS6.7AI score0.01657EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2007/06/06 1:30 a.m.14 views

CVE-2007-3059

SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sclanguage parameter to sendcard.php, which reveals the path in an error message...

5CVSS6.2AI score0.01213EPSS
Exploits0References4
Rows per page
Query Builder