Lucene search
K

1134 matches found

NVD
NVD
added 2007/04/24 5:19 p.m.21 views

CVE-2007-2189

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

6.8CVSS7.6AI score0.05088EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/04/24 5:0 p.m.22 views

CVE-2007-2189

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

7.6AI score0.05088EPSS
Exploits0References3
CVE
CVE
added 2007/04/24 5:0 p.m.51 views

CVE-2007-2189

CVE-2007-2189 corresponds to a PHP remote file inclusion vulnerability in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB. The flaw resides in admin/admin_album_otf.php and allows remote attackers to execute arbitrary PHP code via a URL supplied to the phpbb_root_path parameter. Mult...

6.8CVSS7.6AI score0.05088EPSS
Exploits0References3Affected Software1
Exploit DB
Exploit DB
added 2007/04/19 12:0 a.m.28 views

Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion

mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability Class: Remote Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=364 Founder: bd0rk Contact: bd0rkathackermail.com Vulnerable Code in /admin/adminalbumotf.php...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/04/19 12:0 a.m.16 views

Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion

Mx Module Smartor Album FAP 2.0 RC 1 - Remote File Inclusion mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability Class: Remote Vendor: http://www.mx-system.com/modules/mxpafiledb/dload.php?action=download&fileid=364 Founder: bd0rk Contact: bd0rkathackermail.com Vulnerable Code ...

0.1AI score
Exploits0
0day.today
0day.today
added 2007/04/12 12:0 a.m.20 views

mxBB Module MX Shotcast 1.0 RC2 (getinfo1.php) RFI Exploit

Exploit for unknown platform in category web applications ========================================================== mxBB Module MX Shotcast 1.0 RC2 getinfo1.php RFI Exploit ========================================================== !/usr/bin/perl mxBB Module MX Shotcast 1.0 RC2 getinfo1.php Remo...

7.1AI score
Exploits0
NVD
NVD
added 2007/04/11 10:19 p.m.16 views

CVE-2007-1874

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the 1 CFMX7DreamWeaverExtensions.mxp, 2 CFReportBuilderInstaller.exe, 3 .com.zerog.registry.xml, 4...

7.2CVSS7AI score0.008EPSS
Exploits0References8
CVE
CVE
added 2007/04/11 10:0 p.m.55 views

CVE-2007-1874

CVE-2007-1874 affects Adobe ColdFusion MX 7 for Linux and Solaris. The vulnerability stems from insecure permissions on specific scripts and directories (including CFMX7DreamWeaverExtensions.mxp, CFReportBuilderInstaller.exe, .com.zerog.registry.xml, uninstall.lax, license.txt, Readme.htm, k2admi...

7.2CVSS7AI score0.008EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2007/03/16 8:19 p.m.16 views

Design/Logic Flaw

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root...

4.3CVSS7.1AI score0.25617EPSS
Exploits0References7Affected Software2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2007/02/14 12:0 a.m.35 views

JVN#28356427 ColdFusion cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...

4.3CVSS6.3AI score0.03019EPSS
Exploits0
NVD
NVD
added 2006/12/29 9:28 p.m.18 views

CVE-2006-6825

Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely fro...

7.5CVSS6.4AI score0.01201EPSS
Exploits0References1
CVE
CVE
added 2006/12/29 9:0 p.m.45 views

CVE-2006-6825

CVE-2006-6825 affects Calendar MX BASIC 1.0.2 and earlier. The vulnerability arises because the application stores sensitive information under the web root with insufficient access control, enabling remote attackers to download the database (calendar.mdb) via a direct request. The records indicat...

7.5CVSS6.7AI score0.01201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2006/12/29 9:0 p.m.24 views

CVE-2006-6825

Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely fro...

6.4AI score0.01201EPSS
Exploits0References1
NVD
NVD
added 2006/12/28 12:28 a.m.13 views

CVE-2006-6792

SQL injection vulnerability in calendardetail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

7.5CVSS8.1AI score0.01033EPSS
Exploits0References4
NVD
NVD
added 2006/12/28 12:28 a.m.11 views

CVE-2006-6787

SQL injection vulnerability in admin/adminmailadressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter...

7.5CVSS8.4AI score0.0108EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/12/28 12:0 a.m.15 views

CVE-2006-6787

SQL injection vulnerability in admin/adminmailadressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter...

8.4AI score0.0108EPSS
Exploits0References4
CVE
CVE
added 2006/12/28 12:0 a.m.43 views

CVE-2006-6792

CVE-2006-6792 affects Calendar MX BASIC 1.0.2 and earlier, with an SQL injection via the ID parameter in calendar_detail.asp. The vulnerability details provided indicate remote attackers could potentially manipulate SQL commands, aligned with a CVSS v2 base score of 7.5 (HIGH) and network access ...

7.5CVSS8.5AI score0.01033EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2006/12/28 12:0 a.m.37 views

CVE-2006-6787

CVE-2006-6787 is a SQL injection vulnerability in Newsletter MX 1.0.2 and earlier. The flaw resides in the admin/admin_mail_adressee.asp page, where the ID parameter can be manipulated to cause the application to execute arbitrary SQL commands. Documents provided do not include exploit code or in...

7.5CVSS8.8AI score0.0108EPSS
Exploits0References4Affected Software1
seebug.org
seebug.org
added 2006/12/25 12:0 a.m.20 views

Newsletter MX <= 1.0.2 (ID) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Script Name: Newsletter MX : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /\// else print "-- Exploit FailedNo DIR \n"; exit; print "User : "; $ID = ; chop $ID; if $ID = /exit/ print...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2006/12/25 12:0 a.m.51 views

Title : Calendar MX BASIC &lt;= 1.0.2 &#40;ID&#41; Remote SQL Injection Vulnerability

Title : Calendar MX BASIC = 1.0.2 ID Remote SQL Injection Vulnerability Author : ajann Contact : : $$ : Free SQL--------------------------------------------------------- http://target/path//calendardetail.asp?ID=SQL Example:...

0.8AI score
Exploits0
Rows per page
Query Builder