Lucene search

2734 matches found

seebug.org
added 2008/01/09 12:0 a.m., 15 views

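Tribisur 'forum.php'/'cat_main.php' SQL Injection Vulnerability

BUGTRAQ ID: 27149 CNCAN ID: CNCAN-2008010812 Tribisur is a PHP-based web application. Tribisur does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'forum.php' and 'cat_main.php' scripts do not sufficiently filter user-submitted web parameters; submitting a malicious SQL query as parameter data can change the original SQL logic, obtaining sensitive information or manipulating the database. Thomas PEREZ Tribisur 2.0 Vendor solution: no solution is currently available:...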

6.9 AI score
Exploits: 0

seebug.org
added 2008/01/06 12:0 a.m., 12 views

Tribisur <= 2.0 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q ?php echo "Tribisur = 2.0 Remote SQL Injection Exploit\r\n"; echo "Coded by x0kster -x0ksterATgmailDOTcom - \r\n"; / Script Download : http://www.comscripts.com/scripts/php.tribisur-20.1211.html Bug 1 in modules/forum/liste.php : First, this...

7.1 AI score
Exploits: 0

exploitpack
added 2007/10/27 12:0 a.m., 12 views

GoSamba 1.0.1 - INCLUDE_PATH Multiple Remote File Inclusions

GoSamba 1.0.1 - INCLUDEPATH Multiple Remote File Inclusions GoSamba 1.0.1 includepath Multiple Remote File Inclusion Vulnerabilities http://mesh.dl.sourceforge.net/sourceforge/gosamba/gosamba.1.0.1.tar.gz POC : /incgroup.php?includepath=http://localhost/scripts/020.txt?...

0.5 AI score
Exploits: 0

Cvelist
added 2007/10/17 1:0 a.m., 20 views

CVE-2003-1361

Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server...

6.9 AI score, 0.01048 EPSS
Exploits: 0, References: 5

xssed
added 2007/09/29 12:0 a.m., 12 views

Unfixed XSS vulnerability at www.kommun-biblioteket.vilhelmina.com

Security researcher Uber0n submitted, on 29/09/2007, a cross-site scripting (XSS) vulnerability affecting www.kommun-biblioteket.vilhelmina.com, which at the time of submission ranked 6652756 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

6.6 AI score
Exploits: 0, References: 1

securityvulns
added 2007/09/11 12:0 a.m., 38 views

Proxy Anket v3.0.1 Sql injection Vulnerable

Yollubunlar.Org Proxy Anket v3.0.1 Sql injection Vulnerable Author : Yollubunlar.Org Orginal Article : http://yollubunlar.org/proxy-anket-v301-sql-injection-vulnerable-3502.html Main Page: http://yollubunlar.org/category/web-security Script :...

0.6 AI score
Exploits: 0

0day.today
added 2007/07/18 12:0 a.m., 22 views

QuickEStore <= 8.2 (insertorder.cfm) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. QuickEStore = 8.2 insertorder.cfm Remote SQL Injection Vulnerability. web application:QuickEStor...

7.1 AI score
Exploits: 0

Cvelist
added 2007/06/27 12:0 a.m., 19 views

CVE-2006-7209

Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine...

5.8 AI score, 0.00286 EPSS
Exploits: 0, References: 2

Exploit DB
added 2007/05/23 12:0 a.m., 34 views

NavBoard 2.6.0 - Remote Code Execution

"; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input ty...

7 AI score
Exploits: 0

securityvulns
added 2007/05/07 12:0 a.m., 46 views

XSS in Microsoft SharePoint

Hi! I think this is an XSS in MS SharePoint, you can reproduce it in SharePoint test server using for example the following url: http://www.example.com/sharepoint/default.aspx/22;iftruealert22qwertytis This is due to a lack of string stripping when putting the path into javascript. It seems to work at...

6.1 AI score
Exploits: 0

0day.today
added 2007/04/11 12:0 a.m., 27 views

Mambo Component zOOm Media Gallery <= 2.5 Beta 2 RFI Vulnerabilities

Exploit for unknown platform in category web applications. Mambo Component zOOm Media Gallery array , "getMakernoteTextValue" = array , "InterpretMakernotetoHTML" = array ; // Include the Main TIFF and EXIF Tags array...

7.1 AI score
Exploits: 0

xssed
added 2007/04/11 12:0 a.m., 13 views

Unfixed XSS vulnerability at www.fdp-main-tauber.de

Security researcher BackDoor submitted, on 04/11/2007, a cross-site scripting (XSS) vulnerability affecting www.fdp-main-tauber.de, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/11/2007. It is...

Exploits: 0, References: 1

securityvulns
added 2007/04/11 12:0 a.m., 89 views

Sisplet CMS <= 05.10 (site_path) Remote File Inclusion Vulnerability

Sisplet CMS Found by kezzap66345 Script Download:http://www.sisplet.org/uploadi/editor/Sisplet0504.tar.bz2 https://sourceforge.net/project/showfiles.php?groupid=111881 ERROR1: File:main/forum/komentar.php require$sitepath.'main/forum/class.php'; rfi coded RFI1:...

7.2 AI score
Exploits: 0

Exploit DB
added 2007/04/05 12:0 a.m., 24 views

Sisplet CMS 05.10 - 'site_path' Remote File Inclusion

Sisplet CMS Found by kezzap66345 Script Download:http://www.sisplet.org/uploadi/editor/Sisplet0504.tar.bz2 https://sourceforge.net/project/showfiles.php?groupid=111881 ERROR1: File:main/forum/komentar.php require$sitepath.'main/forum/class.php'; rfi coded RFI1:...

7.4 AI score
Exploits: 0

securityvulns
added 2007/03/17 12:0 a.m., 56 views

QFTP (LIBFtp 3.1-1) (command line) sprintf() local buffer overflow

http://nbpfaus.net/pfau/ftplib/ qftp is a utility that performs file transfers using ftplib based on instructions presented on the command line. Description buffer overflow in sprintf, setumask don't check sizelen of passed argument. Source error in main: 337: case 'm' : setumaskoptarg; break;...

0.9 AI score
Exploits: 0

Cvelist
added 2007/03/14 6:0 p.m., 38 views

CVE-2007-1458

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) inccheckdatelang.php, (2) inccharsetfx.php, (3) incconfigcolor.php, (4) inccurrencyset.php, (5) incdbmakelink.php, (6) incdiagnosticsreportfx.php, (7)...

7.6 AI score, 0.23553 EPSS
Exploits: 1, References: 22

RedHat Linux
added 2007/03/14 12:47 a.m., 2 views

Ekiga format string flaw

Multiple format string vulnerabilities in the gmmainwindowflashmessage function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet...

10 CVSS, 6.1 AI score, 0.0389 EPSS
Exploits: 0, References: 4

ATTACKERKB
added 2007/03/02 9:18 p.m., 2 views

CVE-2007-1138

Absolute path traversal vulnerability in listmainpages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter...

5 CVSS, 5.9 AI score, 0.04255 EPSS
Exploits: 1, References: 5

Packet Storm
added 2007/02/24 12:0 a.m., 37 views

oraclekupv-perm.txt

!/usr/bin/perl Remote Oracle KUPW$WORKER.MAIN exploit 10g Grant or revoke dba permission to unprivileged user Tested on "Oracle Database 10g Enterprise Edition Release 10.1.0.3.0" REF: http://www.securityfocus.com/archive/1/440439 AUTHOR: Andrea "bunker" Purificato http://rawlab.mindcreations.com...

7.4 AI score
Exploits: 0

Exploit DB
added 2007/01/24 12:0 a.m., 38 views

vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion

Dr Max Virus. Script: vHostAdmin Affected Version: 1.0 Risk: Highly Critical...

7 AI score
Exploits: 0