CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

43 matches found

OpenVAS•added 2011/04/01 12:0 a.m.•21 views

WordPress BackWPup Plugin < 1.7.1 'wpabs' Parameter Remote PHP Code Execution Vulnerability - Active Check

WordPress BackWPup Plugin is prone to a remote PHP code execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7AI score0.10403EPSS

Exploits1References3

Exploit DB•added 2011/03/11 12:0 a.m.•31 views

N`CMS 1.1E - Local File Inclusion / Remote Code

!/usr/bin/python INFORMATION Exploit Title: NCMS 1.1E Pre-Auth Local File Inclusion Remote Code Exploit Date: 11/3/2011 Software link: http://bit.ly/eJAyw5 Tested on: Linux bt Version: 1.1E PHP.ini Settings: gpcmagicquotes = Off Note: The web application was lucky to not be exploited by session...

Packet Storm•added 2011/01/16 12:0 a.m.•34 views

Attachmax Dolphin 2.1.0 Remote File Inclusion / SQL Injection

Author : ph03nix Date : january 2011 Location : Indonesia Web : http://www.pho3nix.co.tv Critical Lvl : High Impact : System access Where : From Remote --------------------------------------------------------------------------- Affected software description: Application : Attachmax Dolphin versio...

Packet Storm•added 2009/12/30 12:0 a.m.•20 views

Datenator 0.3.0 SQL Injection

Exploit Title: Datenator 0.3.0 event.php id SQL Injection Date: 26.12.09 Author: TheHuliGun Look on code in event.php: 22: ifisset$GET'id' 23: 24: $event = $datenator-readeventinfo$GET'id'; Function readeventinfo is in file includes/functions.php 412: function readeventinfo$eventid 413: 414: $sql...

seebug.org•added 2009/12/26 12:0 a.m.•25 views

Datenator 0.3.0 (event.php id) SQL Injection

No description provided by source. Exploit Title: Datenator 0.3.0 event.php id SQL Injection Date: 26.12.09 Author: TheHuliGun Look on code in event.php: 22: ifisset$GET'id' 23: 24: $event = $datenator-readeventinfo$GET'id'; Function readeventinfo is in file includes/functions.php 412: function...

myhack58•added 2009/09/08 12:0 a.m.•22 views

Php168 v6 mention the right vulnerability-vulnerability warning-the black bar safety net

? php printr' +---------------------------------------------------------------------------+ Php168 v6. 0 update user access exploit +---------------------------------------------------------------------------+ '; / works regardless of php. ini settings / if $argc 5 printr'...

seebug.org•added 2009/06/01 12:0 a.m.•38 views

Unclassified NewsBoard 1.6.4 Multiple Remote Vulnerabilities

No description provided by source. Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Log...

Exploit DB•added 2008/06/30 12:0 a.m.•47 views

Pivot 1.40.5 - Dreamwind 'load_template()' Credentials Disclosure

?php / Pivot 1.40.5 'Dreamwind' loadtemplate credentials disclosure exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.pivotlog.net/ Google dork: "by Pivot - 1.40.5" +'Dreadwind' -pivotlog.net vulnerability: search.php - lines 98-109: ... ...

securityvulns•added 2007/05/30 12:0 a.m.•38 views

cpcommerce < v1.1.0 [sql injection]

vendor site:http://cpcommerce.cpradio.org/ product:cpcommerce v1.1.0 bug: sql injection risk : high note:works regardless of php.ini settings . http://127.0.0.1/cpcommerce/manufacturer.php?idmanufacturer=-9//union//select//pass,LOADFILE0x2F6574632F706173737764,0//from//cpAccounts/ //result:...

0day.today•added 2007/04/29 12:0 a.m.•107 views

TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit

Exploit for unknown platform in category web applications =========================================================== TCExam resource = array; // set selecteed language $this-language = strtoupper$language; // set filename for cache $this-cachefile = $cachefile; if fileexists$this-cachefile // re...

Exploit DB•added 2007/04/23 12:0 a.m.•19 views

Phorum 5.1.20 - '/include/controlcenter/users.php' Multiple Method Privilege Escalations

source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...

seebug.org•added 2007/03/01 12:0 a.m.•27 views

CS-Gallery 2.0 (index.php album) Remote File Include Exploit

No description provided by source. ?php //File Inclusion Exploit for CSGallery = 2.0 //Found and Exploit Coded by burncycle - burncycleathotmaildotde //| //Vendor: http://www.cschneider.de/ //Dork: . www.cschneider.info //| //Bug in "index.php": //.. //$codefile=$POST'album'.'/code.php';...

0day.today•added 2007/02/26 12:0 a.m.•36 views

STWC-Counter <= 3.4.0 (downloadcounter.php) RFI Exploit

Exploit for unknown platform in category web applications ======================================================= STWC-Counter = 3.4.0 downloadcounter.php RFI Exploit ======================================================= ?php //File Inclusion Exploit for STWC-Counter = 3.4.0.0 //| //Vendor:...

Packet Storm•added 2006/10/20 12:0 a.m.•16 views

BoonexDolphin5.2.txt

// http://www.w4cking.com CREDIT: w4ck1ng.com PRODUCT: Boonex Dolphin 5.2 http://www.boonex.com/products/dolphin/ VULNERABILITY: Remote File Inclusion NOTES: - requires register globals on - requires magic quotes off POC: //templates/tmpldfl/scripts/index.php?dirinc= ADVISORY & EXPLOIT requires...

Exploit DB•added 2006/08/19 12:0 a.m.•64 views

Joomla! Component Poll 1.0.10 - Arbitrary Add Votes

Joomla poll component arbitrary add votes Joomla poll component arbitrary add votes by trueend5 Computer Security Researchers Institute KAPDA.ir hostname ex: www.sitename.com font color="...

Tenable Nessus•added 2006/07/17 12:0 a.m.•73 views

MyBB HTTP Header 'CLIENT-IP' Field SQLi

The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'CLIENT-IP' request header before using it in a database query when initiating a session in the inc/classsession.php script. A remote attacker c...

7.5CVSS5.8AI score0.02436EPSS

Exploits1References4

exploitpack•added 2006/07/15 12:0 a.m.•17 views

MyBulletinBoard (MyBB) 1.1.5 - CLIENT-IP SQL Injection

MyBulletinBoard MyBB 1.1.5 - CLIENT-IP SQL Injection !/usr/bin/php -q -d shortopentag=on ? echo "MyBulletinBoard MyBB = 1.1.5 'CLIENT-IP' SQL injection / create new admin exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork, version specific:...

Tenable Nessus•added 2006/03/16 12:0 a.m.•300 views

Horde < 3.1 go.php url Parameter File Disclosure

Binary data 3477.prm...

5CVSS7AI score0.12174EPSS

Exploits1References1

Tenable Nessus•added 2005/09/20 12:0 a.m.•17 views

PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

Binary data 3234.prm...

Exploits0References1

NVD•added 2004/12/31 5:0 a.m.•11 views

CVE-2004-1422

WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings...

5CVSS6.5AI score0.07888EPSS

Exploits3References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by