Lucene search

950 matches found

Tenable Nessus
added 2016/08/18 12:0 a.m. | 29 views

FreeBSD : phpmyadmin -- multiple vulnerabilities (ef70b201-645d-11e6-9cdc-6805ca0b3d42)

The phpmyadmin development team reports: Weakness with cookie encryption; Multiple XSS vulnerabilities; Multiple XSS vulnerabilities; PHP code injection; Full path disclosure; SQL injection attack; Local file exposure; Local file exposure through symlinks with UploadDir; Path traversal with SaveDir and...

CVSS 10 | AI score 7 | EPSS 0.04156
Exploits: 0 | References: 55
FreeBSD
added 2016/08/17 12:0 a.m. | 42 views

phpmyadmin -- multiple vulnerabilities

The phpmyadmin development team reports: Weakness with cookie encryption; Multiple XSS vulnerabilities; Multiple XSS vulnerabilities; PHP code injection; Full path disclosure; SQL injection attack; Local file exposure; Local file exposure through symlinks with UploadDir; Path traversal with SaveDir and...

AI score 2
Exploits: 0 | References: 27
0day.today
added 2016/08/16 12:0 a.m. | 24 views

Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection

Exploit for php platform in category web applications + Credits: John Page HYP3RLINX Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON is an easy-to-use but full customizable Content Management System CMS. Vulnerability...

AI score 7.1
Exploits: 0
exploitpack
added 2016/08/16 12:0 a.m. | 17 views

Lepton CMS 2.2.0/2.2.1 - PHP Code Injection

Lepton CMS 2.2.0/2.2.1 - PHP Code Injection + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...

AI score 0.2
Exploits: 0
Exploit DB
added 2016/08/16 12:0 a.m. | 27 views

Lepton CMS 2.2.0/2.2.1 - PHP Code Injection

Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON...

AI score 7.4
Exploits: 0
Packet Storm
added 2016/08/16 12:0 a.m. | 31 views

Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection

Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON...

AI score 0.2
Exploits: 0
exploitpack
added 2016/07/11 12:0 a.m. | 230 views

IPS Community Suite 4.1.12.3 - PHP Code Injection

IPS Community Suite 4.1.12.3 - PHP Code Injection --------------------------------------------------------------------------- IPS Community Suite contentclass ; 39. 40. if ! classexists $class or ! inarray 'IPS\Content', classparents $class 41. 42. \IPS\Output::i-error 'nodeerror', '2S226/2', 404...

CVSS 6.8 | AI score 0.2 | EPSS 0.19825
Exploits: 7
Packet Storm
added 2016/07/07 12:0 a.m. | 122 views

IPS Community Suite 4.1.12.3 PHP Code Injection

--------------------------------------------------------------------------- IPS Community Suite contentclass ; 39. 40. if ! classexists $class or ! inarray 'IPS\Content', classparents $class 41. 42. \IPS\Output::i-error 'nodeerror', '2S226/2', 404, '' ; 43. User input passed through the...

CVSS 6.8 | AI score 0.2 | EPSS 0.19825
Exploits: 7
exploitpack
added 2016/06/27 12:0 a.m. | 15 views

SugarCRM 6.5.18 - PHP Code Injection

SugarCRM 6.5.18 - PHP Code Injection --------------------------------------------------------- SugarCRM $val 104. $str.= overridevaluetostringrecursive2$newArrayName, $key, $val, $saveempty; 105. 106. return $str; 107. else 108. if!$saveempty && empty$value 109. return; 110. else 111. return...

AI score 8
Exploits: 0
Packet Storm
added 2016/06/24 12:0 a.m. | 22 views

SugarCRM 6.5.18 PHP Code Injection

--------------------------------------------------------- SugarCRM $val 104. $str.= overridevaluetostringrecursive2$newArrayName, $key, $val, $saveempty; 105. 106. return $str; 107. else 108. if!$saveempty && empty$value 109. return; 110. else 111. return "$$arrayname" . "'$valuename' = "...

AI score 7.4
Exploits: 0
FreeBSD
added 2016/04/11 12:0 a.m. | 14 views

phpmyfaq -- cross-site request forgery vulnerability

The phpMyFAQ team reports: The vulnerability exists because the application does not properly verify the origin of HTTP requests in the "Interface Translation" functionality. A remote unauthenticated attacker can create a specially crafted malicious web page with a CSRF exploit, trick a logged-in administrator...

AI score 1.6
Exploits: 0 | References: 2
Hacker One
added 2016/04/03 9:22 a.m. | 24 views

Uber: Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin

newsroom.uber.com uses a WordPress plugin called Stream to log user activity. In some cases the logged events aren't sanitized properly and can contain HTML tags and JavaScript. An unauthenticated user can produce such a log message to inject JavaScript in the admin panel. When an administrator...

AI score 6.7
Exploits: 0
htbridge
added 2016/01/13 12:0 a.m. | 514 views

Remote Code Execution in Exponent

High-Tech Bridge Security Research Lab discovered a critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within the "/install/index.php" script, when handling...

CVSS 10 | AI score 9.8 | EPSS 0.09645
Exploits: 3 | Affected Software: 1
Packet Storm
added 2015/12/21 12:0 a.m. | 27 views

phpMyFAQ 2.7.9 PHP Code Injection


AI score 0.5
Exploits: 0
Packet Storm
added 2015/12/20 12:0 a.m. | 41 views

WordPress WooCommerce 2.4.12 PHP Code Injection


Exploits: 0
Packet Storm
added 2015/12/07 12:0 a.m. | 18 views

DMarket 1.0 Remote PHP Code Injection

| Title : DMarket 1.0 Remote PHP Code Injection Exploit | Author : indoushka | email : [email protected] | Dork : Copy right © 2010 . All right reserved Powered By : DMarket تمامی حقوق برای فروشگاه Print Art محفوظ است | Tested on: windows 8.1 Français V.Pro | Download :...

AI score 0.2
Exploits: 0
Kitploit
added 2015/11/11 10:32 a.m. | 15 views

WAP - Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection (SQLI), Cross-site...

AI score 8.4
Exploits: 0
Packet Storm
added 2015/11/04 12:0 a.m. | 31 views

ATutor 2.2 PHP Code Injection

--------------------------------------------------------------- ATutor "name" 186. 187. $sort = '$grades'.$ordercol.', SORT'.strtoupper$order.', $selectedstudents ... 188. 189. foreach$selectedtests as $test 190. 191. if $test"gradebooktestid" $ordercol 192. $sort .= ',...

CVSS 6.5 | EPSS 0.00596
Exploits: 3
0day.today
added 2015/08/18 12:0 a.m. | 28 views

Nuts CMS Remote PHP Code Injection / Execution Exploit

Exploit for php platform in category web applications "cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost /"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $path = $argv2; $pack = "GET $pathnuts/login.php?r= HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Cmd: %s\r\n"; $pack....

AI score 7.1
Exploits: 0
Exploit DB
added 2015/07/13 12:0 a.m. | 82 views

SO Planning 1.32 - Multiple Vulnerabilities

SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and prior Product description: SO Planning is an...

CVSS 9.8 | AI score 7 | EPSS 0.81928
Exploits: 7