143 matches found
DELTAScripts PHP Pro Publish 2.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18243/info PHP Pro Publish is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...
SQL injection in ReviewPost PHP Pro
There is a flaw in ReviewPost PHP Pro which may allow a malicious attacker to inject arbitrary SQL queries, allowing them to fetch data from the database. SPDX-FileCopyrightText: 2004 Astharot
CVE-2005-2737
Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag...
CVE-2005-2737
CVE-2005-2737 describes a cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1. The flaw allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag, which could be rendered in victims’ browsers. The provided sources identify the affecte...
Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities
Summary: A large majority of PHP Images Gallery Technologies now handle the Exchangeable Image File (EXIF) header of JPEG files. The Exchangeable Image File (EXIF) format is an international specification that lets imaging companies...
PhotoPost PHP Pro EXIF Data XSS
According to its banner, the version of PhotoPost PHP Pro installed on the remote web server is prone to script insertion attacks because it does not sanitize malicious EXIF data stored in image files. Using a specially crafted image file, an attacker can exploit this flaw to cause arbitrary HTML...
PhotoPost < 5.11 PHP Pro EXIF Data XSS
Binary data 3187.prm...
[SA16597] PhotoPost PHP Pro EXIF Data Script Insertion Vulnerability
CVE-2004-2175
The CVE-2004-2175 entry corresponds to SQL injection flaws in ReviewPost PHP Pro. Affected: ReviewPost PHP Pro web app; vulnerable in showproduct.php (product param) and showcat.php (cat param). Cause: unsanitized user input used in database queries. Impact: potential data disclosure and, per Ope...
CVE-2004-2175
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php...
CVE-2005-1629
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter...
CVE-2005-1629
Photopost PHP Pro contains a SQL injection in member.php via the verifykey parameter, allowing remote attackers to execute arbitrary SQL commands. Root cause: unsanitized input used in SQL queries. Affected component: Photopost PHP Pro (member.php). Exploitation status is not detailed in the prov...
PhotoPost PHP Pro < 5.02 RC4 member.php uid Parameter SQL Injection
Binary data 2903.prm...
CVE-2004-1870
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to...
CVE-2004-1871
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo...
CVE-2004-1871
PhotoPost PHP Pro 4.6.x and earlier are affected by multiple cross-site scripting (XSS) vulnerabilities. Exploitation targets showmembers.php via the parameters ppuser, password, stype, perpage, sort, page, si, cat, and also the photo/album name/description fields. Affected product/version: Photo...
CVE-2004-1870
PhotoPost PHP Pro 4.6.x and earlier are affected by multiple SQL injection vulnerabilities. The CVE entry references attackers being able to extract user passwords via parameters such as photo (addfav.php, comments.php), credit (comments.php), cat (index.php, showgallery.php), ppuser (showgallery...