
687 matches found

Cvelist
added 2006/11/29 2:0 a.m. | 18 views

CVE-2006-6167

Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APBSETTINGS'apbpath' parameter in (1) apbcommon.php or (2) apb.php. NOTE: CVE and another third party...

AI score: 7.5 | EPSS: 0.01785
Exploits: 0 | References: 6
Cvelist
added 2006/07/21 12:0 a.m. | 23 views

CVE-2006-3766

Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10...

AI score: 6.4 | EPSS: 0.01138
Exploits: 0 | References: 4
Prion
added 2006/05/22 10:2 p.m. | 16 views

Authentication flaw

Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to editmember and the value parameter to 1...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.03347
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2006/04/20 6:6 p.m. | 21 views

CVE-2006-1914

DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) SERVER parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue...

CVSS: 5 | AI score: 6.2 | EPSS: 0.01377
Exploits: 0 | References: 3
ATTACKERKB
added 2006/04/07 10:4 a.m. | 5 views

CVE-2006-1659

Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in imagedesc.php, (2) provided parameter in template.php, (3) cid parameter in suggestimage.php, (4) imgid parameter in insertrating.php, and (5) cid parameter i...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.022
Exploits: 1 | References: 11
NVD
added 2006/04/01 12:4 a.m. | 17 views

CVE-2006-1573

PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter part of the $pagemenu variable...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.03238
Exploits: 0 | References: 6
Cvelist
added 2006/02/15 11:0 a.m. | 15 views

CVE-2006-0713

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/secstageinstall.php, (4) install/thirdstageinstall.php, and (5)...

AI score: 7.4 | EPSS: 0.03019
Exploits: 1 | References: 7
Cvelist
added 2005/11/20 10:0 p.m. | 17 views

CVE-2005-3529

tiki-viewforumthread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topicssortmode parameter, possibly related to an SQL injection vulnerability...

AI score: 7.6 | EPSS: 0.01433
Exploits: 2 | References: 6
NVD
added 2005/08/05 4:0 a.m. | 10 views

CVE-2005-2474

ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8)...

CVSS: 5 | AI score: 6.6 | EPSS: 0.02257
Exploits: 0 | References: 18
NVD
added 2005/07/19 4:0 a.m. | 11 views

CVE-2005-2312

management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the userid parameter...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01532
Exploits: 0 | References: 3
NVD
added 2004/12/31 5:0 a.m. | 20 views

CVE-2004-2638

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the inlogin parameter to a non-zero value...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01549
Exploits: 0 | References: 5
NVD
added 2004/12/31 5:0 a.m. | 16 views

CVE-2004-1734

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) tcorepath parameter to bugapi.php or (2) tcoredir parameter to relationshipapi.php to reference a URL on a remote web server that contains the code...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01678
Exploits: 1 | References: 3
Exploit DB
added 2004/11/22 12:0 a.m. | 20 views

PHPKIT 1.6 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/11725/info It is reported that PHPKIT is susceptible to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issue is present in a parameter of the 'popup.php' script. An attacker can exploit this issue by creating a malicious...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2004/08/20 12:0 a.m. | 10 views

AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution

Binary data 1728.prm...

AI score: 7.3
Exploits: 0
Cvelist
added 2004/03/18 5:0 a.m. | 24 views

CVE-2004-0344

Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter...

AI score: 6.7 | EPSS: 0.02156
Exploits: 1 | References: 2
exploitpack
added 2003/04/05 12:0 a.m. | 15 views

Invision Board 1.1.1 - functions.php SQL Injection

source: https://www.securityfocus.com/bid/7290/info An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the functions.php script file. An attacker may be...

AI score: 0.2
Exploits: 0
exploitpack
added 2003/03/11 12:0 a.m. | 17 views

VPOPMail 0.9x - vpopmail.php Remote Command Execution

source: https://www.securityfocus.com/bid/7063/info A vulnerability has been reported for VPOPMail that may allow attackers to execute arbitrary commands on a vulnerable system. The vulnerability exists due to insufficient sanitization of...

AI score: 0.4
Exploits: 0
exploitpack
added 2003/03/03 12:0 a.m. | 14 views

GTCatalog 0.8.160.9 - Remote File Inclusion

source: https://www.securityfocus.com/bid/6998/info GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remot...

AI score: 7.5
Exploits: 0
Exploit DB
added 2003/02/18 12:0 a.m. | 19 views

D-Forum 1 - 'header' Remote File Inclusion

source: https://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some circumstances, it is possible for remote...

AI score: 7.4
Exploits: 0
Exploit DB
added 2003/02/18 12:0 a.m. | 22 views

D-Forum 1 - 'footer' Remote File Inclusion

source: https://www.securityfocus.com/bid/6879/info D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts. Under some circumstances, it is possible for remote...

AI score: 7.4
Exploits: 0