
376 matches found

Tenable Nessus
added 2005/05/05 12:0 a.m. | 30 views

Interspire ArticleLive Multiple Remote Vulnerabilities (XSS, Auth Bypass)

The remote host is running a version of Interspire ArticleLive that suffers from the following vulnerabilities:
- A session handling flaw allowing a remote attacker to gain administrator access.
- Multiple cross-site scripting vulnerabilities.
The session handling vulnerability can be exploited ...

7.5 CVSS | 5.2 AI score | 0.0153 EPSS
Exploits: 2 | References: 2

Tenable Nessus
added 2005/04/18 12:0 a.m. | 27 views

phpBB Knowledge Base Module kb.php cat Parameter SQL Injection

The installed version of phpBB on the remote host includes the Knowledge Base module, which does not properly sanitize input to the 'cat' parameter of the 'kb.php' script before using it in SQL queries. An attacker can exploit this flaw to modify database queries, potentially even uncovering user...

7.5 CVSS | 5.8 AI score | 0.00334 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/04/18 12:0 a.m. | 26 views

Coppermine Photo Gallery init.inc.php X-Forwarded-For XSS

According to its version number, the version of Coppermine Photo Gallery installed on the remote host is affected by a cross-site scripting vulnerability when logging user comments. A user with access to the comments module can exploit this flaw using a specially crafted 'X-Forwarded-For' header ...

4.3 CVSS | 5.4 AI score | 0.00346 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2005/04/08 12:0 a.m. | 26 views

CubeCart <= 2.0.6 Multiple SQL Injections

The installed version of CubeCart on the remote host suffers from multiple SQL injection vulnerabilities due to its failure to sanitize user input via the 'PHPSESSID' parameter of the 'index.php' script, the 'product' parameter of the 'tellafriend.php' script, the 'add' parameter of the...

5 CVSS | 6 AI score | 0.03745 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/04/06 12:0 a.m. | 22 views

RunCMS Remote Arbitrary File Upload

The remote host is running RunCMS / E-Xoops, a content management system written in PHP. According to its banner, the version of this software installed on the remote host may allow a user to upload arbitrary files and potentially run them. This issue arises if avatar uploads are enabled (they are...

5 CVSS | 5.7 AI score | 0.00483 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/03/29 12:0 a.m. | 27 views

CPG Dragonfly Multiple XSS

The version of CPG Dragonfly / CPG-Nuke CMS installed on the remote host suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user-input to several variables in various modules. An attacker can exploit these flaws to steal cookie-based authentication credentia...

4.3 CVSS | 5.2 AI score | 0.00281 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2005/03/17 12:0 a.m. | 54 views

Phorum Detection

The remote host is running Phorum, a web-based message board written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17349); script_version("1.19"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01"); script_name(english:"Phorum Detection");...

5.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2005/03/11 12:0 a.m. | 25 views

Zorum <= 3.5 Multiple Remote Vulnerabilities

The remote host is running Zorum, an open source electronic forum written in PHP. The version of Zorum installed on the remote host is prone to numerous flaws, including remote code execution, privilege escalation, and SQL injection. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...

7.5 CVSS | 5.9 AI score | 0.11662 EPSS
Exploits: 11 | References: 10

Tenable Nessus
added 2005/03/02 12:0 a.m. | 10 views

paNews Detection

The remote host is running paNews, a news management application written in PHP. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include("compat.inc"); if (description) { script_id(17253); script_version("1.18"); script_set_attribute(attribute:"plugin_modification_date",...

5.5 AI score
Exploits: 0

Tenable Nessus
added 2005/02/23 12:0 a.m. | 22 views

paNews admin_setup.php Multiple Parameter Arbitrary PHP Code Injection

The remote host is running a version of paNews that fails to properly sanitize input passed to the script 'includes/admin_setup.php' and, in addition, allows writes by the web user to the directory 'includes' (not the default configuration). Taken together, these flaws allow a remote attacker to run...

5 CVSS | 6 AI score | 0.0322 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/02/09 12:0 a.m. | 34 views

PHP-Fusion Detection

The remote host is running PHP-Fusion, a light-weight, open source content management system written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(16335); script_version("1.18"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...

5.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2005/02/08 12:0 a.m. | 18 views

Chipmunk CMScore Multiple Script SQL Injection

The remote host is running Chipmunk CMScore, a web-based software written in PHP. The remote version of this software is affected by several SQL injection vulnerabilities that may allow an attacker to execute arbitrary SQL statements using the remote SQL database. #%NASL_MIN_LEVEL 70300 (C) Tenable...

7.5 CVSS | 5.8 AI score | 0.00441 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/02/07 12:0 a.m. | 24 views

Mambo Site Server Multiple Vulnerabilities

An attacker may use the installed version of Mambo Site Server to perform a cross-site scripting attack on this host or execute arbitrary code through the gallery image uploader under the administrator directory. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc...

6.8 CVSS | 5.1 AI score | 0.09203 EPSS
Exploits: 1 | References: 2

Gentoo Linux
added 2005/01/30 12:0 a.m. | 30 views

Gallery: Cross-site scripting vulnerability

Background: Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description: Rafel Ivgi has discovered a cross-site scripting...

5 CVSS | 6.2 AI score | 0.00572 EPSS
Exploits: 0

Tenable Nessus
added 2005/01/21 12:0 a.m. | 17 views

GForge Multiple Script Traversal Arbitrary Directory Listing

The remote host is running GForge, a CVS repository browser written in PHP. The installed version fails to properly sanitize user-supplied data to the 'dir' URI parameter in the 'controller.php' script, or the 'dirname' parameter in the 'controlleroo.php' script. An attacker could exploit this fl...

5 CVSS | 5.5 AI score | 0.00457 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/01/18 12:0 a.m. | 13 views

ITA Forum Multiple Scripts SQL Injection

The remote host is running ITA Forum, a forum software written in PHP. There is a SQL injection issue in the remote version of this software which may allow an attacker to execute arbitrary SQL statements on the remote host and to potentially overwrite arbitrary files on the remote system, by...

6.2 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2005/01/14 12:0 a.m. | 16 views

MPM Guestbook Pro top.php Traversal Arbitrary File Access

The remote host is running MPM Guestbook, a guestbook application written in PHP. There is a flaw in this version which allows an attacker to read arbitrary files on the remote host or to execute arbitrary PHP commands on the remote host by including files hosted on a third-party server...

6.1 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2005/01/14 12:0 a.m. | 23 views

Siteman forum.php page Parameter XSS

The remote host is running Siteman, a web-based content management system written in PHP. The remote version of this software is vulnerable to a cross-site scripting attack due to a lack of sanitization of user-supplied data to the 'page' parameter of the 'forum.php' script. Successful exploitati...

5.5 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2005/01/12 12:0 a.m. | 49 views

MyBB member.php 'uid' Parameter SQLi

The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the avatar upload system via the 'uid' parameter of the member.php script. If PHP's 'magic_quotes_gpc' setting is disabled, an attacker can exploit this issue to...

7.5 CVSS | 5.9 AI score | 0.00584 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2005/01/02 12:0 a.m. | 84 views

IBProArcade index.php Arcade Module gameid Parameter SQL Injection

The remote host is running ibProArcade, a web-based score board system written in PHP. One of the application's CGIs, index.php, is affected by a SQL injection vulnerability in the 'gameid' parameter. An attacker may exploit this flaw to execute arbitrary SQL statements against the remote databas...

7.5 CVSS | 6.2 AI score | 0.00603 EPSS
Exploits: 1 | References: 2