Lucene search

1414 matches found

Tenable Nessus
added 2005/08/30 12:0 a.m. | 31 views

GLSA-200508-14 : TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC

The remote host is affected by the vulnerability described in GLSA-200508-14 (TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC). The XML-RPC library shipped in TikiWiki and eGroupWare improperly handles XML-RPC requests and responses with malformed nested tags. Impact: A remote...

7.5 CVSS | 6.1 AI score | 0.05091 EPSS
Exploits: 0 | References: 2
Gentoo Linux
added 2005/08/24 12:0 a.m. | 41 views

PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

Background: The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description: Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags...

7.5 CVSS | 6.7 AI score | 0.05091 EPSS
Exploits: 0
securityvulns
added 2005/08/19 12:0 a.m. | 70 views

Zorum 3.5 remote code execution poc exploit

Zorum 3.5 remote code execution poc exploit software: description: Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. author site: http://zorum.phpoutsourcing.com/ 1...

8.7 AI score
Exploits: 0
securityvulns
added 2005/08/14 12:0 a.m. | 22 views

[EXPL] ezUpload path Parameter Command Execution (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

Exploits: 0
securityvulns
added 2005/08/13 12:0 a.m. | 29 views

[SA16398] PHP Designer 2005 NULL Character File Display Weakness

Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

Exploits: 0
Tenable Nessus
added 2005/08/10 12:0 a.m. | 32 views

SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities

The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'register_globals' setting is enabled, an attacker can exploit the...

7.5 CVSS | 6.2 AI score | 0.01572 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2005/08/08 12:0 a.m. | 19 views

SilverNews < 2.0.4 Multiple Vulnerabilities

The remote host is running SilverNews, a free news script written in PHP. The version of SilverNews installed on the remote host suffers from several flaws: - SQL Injection Vulnerability: The application does not sanitize user-supplied input to the 'username' parameter of the 'admin.php' script...

7.5 CVSS | 6.5 AI score | 0.0153 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2005/08/04 12:0 a.m. | 84 views

AutoIndex PHP Script index.php search Parameter XSS

The remote host is running AutoIndex, a free PHP script for indexing files in a directory. The installed version of AutoIndex fails to properly sanitize user-supplied input to the 'search' parameter of the 'index.php' script. By leveraging this flaw, an attacker may be able to cause arbitrary HTM...

4.3 CVSS | 5.7 AI score | 0.01812 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2005/07/27 12:0 a.m. | 1148 views

Advanced Guestbook User-Agent Header HTML Injection

The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to properly sanitize the 'HTTP_USER_AGENT' environment variable before using it in dynamically-generated content. An attacker can exploit this flaw to launch cross-site...

5.2 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2005/07/21 12:0 a.m. | 108 views

osCommerce update.php readme_file Parameter Arbitrary File Disclosure

The osCommerce installation on the remote host has a supplementary script, 'extras/update.php', that fails to validate user-supplied input to the 'readme_file' parameter before using that to display a file. An attacker can exploit this flaw to read arbitrary files on the remote host, such as the...

5 CVSS | 5.8 AI score | 0.096 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2005/07/11 12:0 a.m. | 53 views

GLSA-200507-08 : phpGroupWare, eGroupWare: PHP script injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-08 (phpGroupWare, eGroupWare: PHP script injection vulnerability). The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the 'POST' method. Impact: A remote attacke...

7.5 CVSS | 6.1 AI score | 0.79071 EPSS
Exploits: 5 | References: 2
Tenable Nessus
added 2005/07/11 12:0 a.m. | 1028 views

PPA functions.inc.php config[ppa_root_path] Parameter Remote File Inclusion

The remote host is running PPA, a free, PHP-based photo gallery. The installed version of PPA allows remote attackers to control the 'config[ppa_root_path]' variable used when including PHP code in the 'inc/functions.inc.php' script. By leveraging this flaw, an attacker may be able to view arbitrary...

7.5 CVSS | 6 AI score | 0.10074 EPSS
Exploits: 1 | References: 2
securityvulns
added 2005/07/07 12:0 a.m. | 32 views

[SA15928] AutoIndex PHP Script "search" Cross-Site Scripting Vulnerability

Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

0.3 AI score
Exploits: 0
NVD
added 2005/07/06 4:0 a.m. | 10 views

CVE-2005-2163

Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter...

4.3 CVSS | 5.8 AI score | 0.01812 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2005/07/06 12:0 a.m. | 24 views

Geeklog User Comment Retrieval SQL Injection

The installed version of Geeklog suffers from a SQL injection vulnerability due to the application's failure to sanitize user-supplied input via the 'order' parameter of the 'comment.php' script. By leveraging this flaw, an attacker may be able to recover sensitive information, such as password...

7.5 CVSS | 5.7 AI score | 0.01211 EPSS
Exploits: 0 | References: 2
exploitpack
added 2005/07/05 12:0 a.m. | 18 views

AutoIndex PHP Script 1.5.2 - index.php Cross-Site Scripting

AutoIndex PHP Script 1.5.2 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14154/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...

6.8 AI score
Exploits: 0
Exploit DB
added 2005/07/05 12:0 a.m. | 19 views

AutoIndex PHP Script 1.5.2 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14154/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2005/07/05 12:0 a.m. | 55 views

GLSA-200507-02 : WordPress: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200507-02 (WordPress: Multiple vulnerabilities). James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several...

7.5 CVSS | 5.9 AI score | 0.79071 EPSS
Exploits: 5 | References: 3
Tenable Nessus
added 2005/07/05 12:0 a.m. | 64 views

GLSA-200507-01 : PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200507-01 (PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability). James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the 'POST' method. Impac...

7.5 CVSS | 6 AI score | 0.79071 EPSS
Exploits: 5 | References: 3
Gentoo Linux
added 2005/07/04 12:0 a.m. | 41 views

WordPress: Multiple vulnerabilities

Background: WordPress is a PHP and MySQL based content management and publishing system. Description: James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...

7.5 CVSS | 7 AI score | 0.79071 EPSS
Exploits: 5