Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7206 matches found

0day.today
0day.todayadded 2009/05/15 12:0 a.m.35 views

Rama CMS <= 0.9.8 (download.php file) File Disclosure Vulnerability

Exploit for unknown platform in category web applications =================================================================== Rama CMS Vul header'Content-Disposition: attachment; filename='.$file; switch $GET'type' case 'Doc': header 'Content-type: application/msword'; break; case 'Excel': header...

7.1AI score
Exploits0
NVD
NVDadded 2009/05/12 4:30 p.m.12 views

CVE-2008-6807

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

7.5CVSS7.2AI score0.00612EPSS
Exploits1References2
Prion
Prionadded 2009/05/12 4:30 p.m.12 views

Remote file inclusion

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

7.5CVSS7.5AI score0.00636EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2009/05/12 4:0 p.m.17 views

CVE-2008-6807

PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xmldir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the libdir...

7.2AI score0.00612EPSS
Exploits1References2
0day.today
0day.todayadded 2009/05/12 12:0 a.m.18 views

Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit

Exploit for unknown platform in category web applications ========================================================= Bitweaver saveFeed $rssversionname, $cacheFile ; ... it calls saveFeed function in an insecure way, arguments are built on $REQUESTversion var and may contain directory traversal...

7.1AI score
Exploits0
NVD
NVDadded 2009/05/01 10:30 p.m.12 views

CVE-2009-1512

Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php...

6.5CVSS6.9AI score0.0241EPSS
Exploits0References2
Exploit DB
Exploit DBadded 2009/05/01 12:0 a.m.26 views

Golabi CMS 1.0.1 - Session Poisoning

-------------------------------------------------------------------------------- \ \ / \ | | / \ /\ \ \ \ /| | \ /|| / / | /| /\ / \ / / / // / /// / -------------------------------------------------------------------------------- wWw.CrazyAngel.iR - info-AT-CrazyAngel.iR...

7.4AI score
Exploits0
NVD
NVDadded 2009/04/29 6:30 p.m.11 views

CVE-2008-6768

Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/...

6.8CVSS7.6AI score0.03103EPSS
Exploits0References5
Prion
Prionadded 2009/04/29 6:30 p.m.11 views

Unrestricted file upload

Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/...

6.8CVSS8.1AI score0.03103EPSS
Exploits0References5
CVE
CVEadded 2009/04/29 6:6 p.m.38 views

CVE-2008-6773

The CVE-2008-6773 entry concerns YourPlace 1.0.2 and earlier, where a static code injection flaw in user/internettoolbar/edit.php allows remote authenticated users to execute arbitrary PHP via 10 fav parameters, resulting in partial impact to confidentiality, integrity, and availability. The root...

6.5CVSS7.7AI score0.03192EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2009/04/28 4:30 p.m.8 views

CVE-2008-6761

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...

10CVSS7.3AI score0.03789EPSS
Exploits0References2
NVD
NVDadded 2009/04/28 4:30 p.m.9 views

CVE-2009-1463

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file...

7.5CVSS7.2AI score0.00752EPSS
Exploits1References5
Prion
Prionadded 2009/04/28 4:30 p.m.11 views

Code injection

Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file...

7.5CVSS7.7AI score0.00752EPSS
Exploits1References5Affected Software1
Prion
Prionadded 2009/04/28 4:30 p.m.15 views

Code injection

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...

10CVSS7.8AI score0.03789EPSS
Exploits0References2
Prion
Prionadded 2009/04/28 4:30 p.m.8 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code...

6.8CVSS7.7AI score0.00269EPSS
Exploits0References7Affected Software1
CVE
CVEadded 2009/04/28 4:0 p.m.46 views

CVE-2008-6761

CVE-2008-6761 affects Flexcustomer 0.0.6 and is a static code injection vulnerability in admin/install.php that enables remote attackers to inject arbitrary PHP into const.inc.php via the installdbname parameter (Database Name field). The issue stems from admin/install.php and installation notes ...

10CVSS7.5AI score0.03789EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2009/04/28 4:0 p.m.14 views

CVE-2009-1459

Cross-site request forgery CSRF vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code...

7.1AI score0.00269EPSS
Exploits0References7
Cvelist
Cvelistadded 2009/04/28 4:0 p.m.13 views

CVE-2008-6761

Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter aka the Database Name field. NOTE: the installation instructions specify deleting admin/install.php...

7.3AI score0.03789EPSS
Exploits0References2
Prion
Prionadded 2009/04/28 3:30 p.m.16 views

Remote file inclusion

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the pagecontent parameter...

7.5CVSS7.7AI score0.01789EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2009/04/28 3:0 p.m.15 views

CVE-2009-1450

PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the pagecontent parameter...

7.4AI score0.01789EPSS
Exploits0References1
Rows per page
Query Builder