Lucene search
K

690 matches found

Prion
Prion
added 2007/11/05 7:46 p.m.18 views

Directory traversal

Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the lng parameter to a guestbook.php, b admin/admin.guestbook.php, or c auto/globnew.php; or 2 the lngdefault parameter to...

6.8CVSS7.8AI score0.05525EPSS
Exploits0References8Affected Software1
seebug.org
seebug.org
added 2007/03/21 12:0 a.m.22 views

LedgerSMB/SQL-Ledger login本地文件包含和验证绕过漏洞

SQL-Ledger/LedgerSMB是开源的ERP系统。 SQL-Ledger/LedgerSMB不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是'am.pl'脚本对用户提交的'login'参数缺少过滤,提交恶意脚本代码作为参数数据,并诱使用户访问,可导致获得目标用户敏感信息。 SQL-Ledger SQL-Ledger 2.6.26 SQL-Ledger SQL-Ledger 2.6.25 SQL-Ledger SQL-Ledger 2.6.21 SQL-Ledger SQL-Ledger 2.6.19 SQL-Ledger SQL-Ledge...

7.1AI score
Exploits0
Prion
Prion
added 2007/01/12 5:4 a.m.13 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the configsitepath parameter to 1 adminpassword.php, 2 addwelcometext.php, 3 adminemail.php, 4 addtemplates.php, 5 adminpaypalemail.php, 6...

7.5CVSS8.1AI score0.04554EPSS
Exploits0References32
Cvelist
Cvelist
added 2006/11/29 2:0 a.m.19 views

CVE-2006-6167

Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks APB 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APBSETTINGS'apbpath' parameter in 1 apbcommon.php or 2 apb.php. NOTE: CVE and another third party...

7.5AI score0.01785EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/07/21 12:0 a.m.24 views

CVE-2006-3766

Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10...

6.4AI score0.01138EPSS
Exploits0References4
Prion
Prion
added 2006/05/22 10:2 p.m.17 views

Authentication flaw

Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to editmember and the value parameter to 1...

7.5CVSS7.8AI score0.03347EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2006/04/20 6:6 p.m.22 views

CVE-2006-1914

DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid 1 fcategoryid parameter to topics.php or 2 unavariabile, 3 GLOBALS, or 4 SERVER parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue...

5CVSS6.2AI score0.01377EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2006/04/07 10:4 a.m.5 views

CVE-2006-1659

Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the 1 id parameter in imagedesc.php, 2 provided parameter in template.php, 3 cid parameter in suggestimage.php, 4 imgid parameter in insertrating.php, and 5 cid parameter i...

6.4CVSS6.2AI score0.022EPSS
Exploits1References11
NVD
NVD
added 2006/04/01 12:4 a.m.17 views

CVE-2006-1573

PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter part of the $pagemenu variable...

7.5CVSS7.5AI score0.03238EPSS
Exploits0References6
Cvelist
Cvelist
added 2006/02/15 11:0 a.m.16 views

CVE-2006-0713

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. dot dot sequences in the 1 lang parameter in docs/index.php and the language parameter in 2 install/install.php, 3 install/secstageinstall.php, 4 install/thirdstageinstall.php, and 5...

7.4AI score0.03019EPSS
Exploits1References7
Cvelist
Cvelist
added 2005/11/20 10:0 p.m.17 views

CVE-2005-3529

tiki-viewforumthread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topicssortmode parameter, possibly related to an SQL injection vulnerability...

7.6AI score0.01433EPSS
Exploits2References6
NVD
NVD
added 2005/08/05 4:0 a.m.10 views

CVE-2005-2474

ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to 1 PersonView.php, 2 MemberRoleChange.php, 3 PropertyAssign.php, 4 WhyCameEditor.php, 5 GroupPropsEditor.php, 6 Reports/PDFLabel.php, or 7 UserDelete.php, an invalid Number parameter to 8...

5CVSS6.6AI score0.02257EPSS
Exploits0References18
NVD
NVD
added 2005/07/19 4:0 a.m.12 views

CVE-2005-2312

management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the userid parameter...

7.5CVSS6.7AI score0.01532EPSS
Exploits0References3
NVD
NVD
added 2004/12/31 5:0 a.m.16 views

CVE-2004-1734

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the 1 tcorepath parameter to bugapi.php or 2 tcoredir parameter to relationshipapi.php to reference a URL on a remote web server that contains the code...

7.5CVSS7.6AI score0.01678EPSS
Exploits1References3
NVD
NVD
added 2004/12/31 5:0 a.m.21 views

CVE-2004-2638

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the inlogin parameter to a non-zero value...

7.5CVSS6.6AI score0.01549EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2004/11/22 12:0 a.m.20 views

PHPKIT 1.6 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/11725/info It is reported that PHPKIT is susceptible to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issue is present in a parameter of the 'popup.php' script. An attacker can exploit this issue by creating a malicious...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.10 views

AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution

Binary data 1728.prm...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2004/03/18 5:0 a.m.25 views

CVE-2004-0344

Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. dot dot in the attachOld parameter...

6.7AI score0.02156EPSS
Exploits1References2
exploitpack
exploitpack
added 2003/04/05 12:0 a.m.16 views

Invision Board 1.1.1 - functions.php SQL Injection

Invision Board 1.1.1 - functions.php SQL Injection source: https://www.securityfocus.com/bid/7290/info An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. An attacker may be...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2003/03/11 12:0 a.m.18 views

VPOPMail 0.9x - vpopmail.php Remote Command Execution

VPOPMail 0.9x - vpopmail.php Remote Command Execution source: https://www.securityfocus.com/bid/7063/info A vulnerability has been reported for VPOPMail that may allow attackers to execute arbitrary commands on a vulnerable system. The vulnerability exists due to insufficient sanitization of...

0.4AI score
Exploits0
Rows per page
Query Builder