1408 matches found

securityvulns
added 2012/06/18 12:00 a.m., 57 views

QuickBlog v0.8 CMS - Multiple Web Vulnerabilities

Title: QuickBlog v0.8 CMS - Multiple Web Vulnerabilities
Date: 2012-05-12
References: http://www.vulnerability-lab.com/getcontent.php?id=567
VL-ID: 567
Common Vulnerability Scoring System: 6.5
Introduction: QuickBlo...

AI score: 0.5
Exploits: 0

OpenVAS
added 2012/06/11 12:00 a.m., 23 views

WordPress Foxypress Plugin 'uploadify.php' Arbitrary File Upload Vulnerability

WordPress Foxypress Plugin is prone to file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score: 7.3
Exploits: 0, References: 5

Exploit DB
added 2012/06/06 12:00 a.m., 29 views

SN News 1.2 - 'visualiza.php' SQL Injection

\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/snnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "visualiza.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...

AI score: 7.4
Exploits: 0

Packet Storm
added 2012/06/04 12:00 a.m., 18 views

Mnews 1.1 SQL injection

\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/mnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "view.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...

AI score: 0.1
Exploits: 0

Vulnerability Lab
added 2012/06/04 12:00 a.m., 18 views

Cells Blog CMS v1.1 - Multiple Web Vulnerabilities

Document Title: Cells Blog CMS v1.1 - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=591
Release Date: 2012-06-04
Vulnerability Laboratory ID (VL-ID): 591
Comm...

AI score: 7.1
Exploits: 0

Vulnerability Lab
added 2012/06/04 12:00 a.m., 15 views

Cells Blog CMS v1.1 - Multiple Web Vulnerabilities

Document Title: Cells Blog CMS v1.1 - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=591
Release Date: 2012-06-04
Vulnerability Laboratory ID (VL-ID): 591
Comm...

AI score: 7.4
Exploits: 0

0day.today
added 2012/05/18 12:00 a.m., 15 views

Cryptographp Local File Inclusion / HTTP Response Splitting

Exploit for php platform in category web applications. During a security assessment, I’ve found that my target was using Cryptographp which is a PHP script used to generate « captchas ». It was easily noticeable when I’ve found the following URL: http://WWWW/cryptographp.inc.php?cfg=XX&sn=YYYY&ZZ...

AI score: 7.1
Exploits: 0

Packet Storm
added 2012/05/18 12:00 a.m., 16 views

Cryptographp Local File Inclusion / HTTP Response Splitting

During a security assessment, I’ve found that my target was using Cryptographp which is a PHP script used to generate « captchas ». It was easily noticeable when I’ve found the following URL: http://WWWW/cryptographp.inc.php?cfg=XX&sn=YYYY&ZZZZ So I've decided to take a look at the source code a...

AI score: 7.4
Exploits: 0

Zero Science Lab
added 2012/05/16 12:00 a.m., 21 views

backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability

Summary: backupDB is a PHP script that backs up MySQL tables and databases to a file (uncompressed, gzip, bzip2) for easy daily backup. Description: backupDB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to...

CVSS: 4.3, AI score: 6, EPSS: 0.03359
Exploits: 2

0day.today
added 2012/05/16 12:00 a.m., 15 views

backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability

Exploit for php platform in category web applications. backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability. Vendor: SiliSoftware. Product web page: http://www.silisoftware.com Affected version: 1.2.7a-201108021626. Summary: backupDB is a PHP script that backs up MySQL tables and databases to a file...

AI score: 7.1
Exploits: 0

Vulnerability Lab
added 2012/05/15 12:00 a.m., 28 views

Coupon Script v6.0 - SQL Injection Vulnerability

Document Title: Coupon Script v6.0 - SQL Injection Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=572
Release Date: 2012-05-15
Vulnerability Laboratory ID (VL-ID): 572
Common...

AI score: 7.1
Exploits: 0

Exploit DB
added 2012/05/10 12:00 a.m., 20 views

Kerio WinRoute Firewall Web Server < 6 - Source Code Disclosure

Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure Google Dork: Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://winroute.ru/keriowinroutefirewall.htm Version: prior to 6 Tested on: Microsoft Windows CV...

AI score: 7.4
Exploits: 0

myhack58
added 2012/03/27 12:00 a.m., 16 views

.svn directory without access restrictions: vulnerability summary (including the fix) - vulnerability warning - the black bar safety net

Existing sites use .svn for version control in the production environment; however, the .svn directory has no access restrictions, so you can traverse the file and directory list through .svn/entries. To save effort, I wrote a PHP script http://rains.im/?q=node/18 to do...

AI score: 7
Exploits: 0

ATTACKERKB
added 2012/03/19 6:55 p.m., 0 views

CVE-2011-5083

Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dotclear 2.3.1 and 2.4.2 allows remote attackers to execute arbitrary code by uploading a file with an executable PHP extension, then accessing it via a direct request to the file in an unspecified directory...

CVSS: 7.5, AI score: 6.2, EPSS: 0.04406
Exploits: 1, References: 6

0day.today
added 2012/03/14 12:00 a.m., 10 views

Advanced POWER PACKED Freelancers CSRF

Exploit for php platform in category web applications. Exploit Title: Advanced POWER PACKED Freelancers CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/advanced-power-packed-freelancers-script-php/22749/ Category: webapps Demo:...

AI score: 7.1
Exploits: 0

0day.today
added 2012/02/05 12:00 a.m., 131 views

Tube Ace(Adult PHP Tube Script) SQL Injection

Exploit for php platform in category web applications. Exploit Title: Tube Ace (Adult PHP Tube Script) SQL Injection Date: 05/02/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: Tube Ace http://www.tubeace.com Tested on: Lin...

AI score: 7.1
Exploits: 0

seebug.org
added 2012/02/04 12:00 a.m., 40 views

PHP "crypt()" Function Security Restriction Bypass Vulnerability

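BUGTRAQ ID: 49376 CVE ID: CVE-2011-3189 PHP is a scripting language that runs on computers; it is mainly used to handle dynamic web pages, and includes a command-line interface and can produce graphical user interface programs. PHP's implementation of the crypt function contains a security vulnerability that attackers can exploit to bypass certain security restrictions. 0 PHP PHP 5.3.7 PHP PHP 5.3.6 PHP PHP 5.3.5 Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.php.net HTTP Request: ==== POST...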

CVSS: 4.3, AI score: 6.4, EPSS: 0.01272
Exploits: 2

Exploit DB
added 2012/01/09 12:00 a.m., 20 views

Paddelberg Topsite Script - Authentication Bypass

Exploit Title: Paddelberg's topsite-script admin auth bypass. Google Dork: intext:"powered by php scripte webmaster resource" Date: 8. 1. 2012 Author: Christian Inci Software Link: http://www.paddelberg.de/gratis-toplisten-script/gratis-download/ Version: = 1.23 22. 9. 2007 Tested on: 1.23 Vendor...

AI score: 7.4
Exploits: 0

NVD
added 2011/12/16 11:55 a.m., 10 views

CVE-2011-4776

Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update/settings/ and certain other files...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00225
Exploits: 0, References: 2

NVD
added 2011/12/16 11:55 a.m., 7 views

CVE-2011-4764

Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain oth...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00225
Exploits: 0, References: 2