
1756 matches found

Packet Storm
added 2016/04/20 12:00 a.m., 32 views

phpMyFAQ 2.8.26 / 2.9.0-RC2 Cross Site Request Forgery

Advisory ID: HTB23300; Product: phpMyFAQ; Vendor: http://www.phpmyfaq.de; Vulnerable Versions: 2.8.26, 2.9.0-RC2 and probably prior; Tested Version: 2.8.26, 2.9.0-RC2; Advisory Publication: March 30, 2016 without technical details; Vendor Notification: March 30, 2016; Vendor Patch: April 11, 2016; Public...

AI score: 0.9
Exploits: 0

FreeBSD
added 2016/04/11 12:00 a.m., 14 views

phpmyfaq -- cross-site request forgery vulnerability

The phpMyFAQ team reports: The vulnerability exists because the application does not properly verify the origin of HTTP requests in the "Interface Translation" functionality. A remote unauthenticated attacker can create a specially crafted malicious web page with CSRF exploit, trick a logged-in administrator...

AI score: 1.6
Exploits: 0, References: 2

htbridge
added 2016/03/30 12:00 a.m., 501 views

RCE via CSRF in phpMyFAQ

High-Tech Bridge Security Research Lab discovered a high-risk security vulnerability in the popular multilingual FAQ software phpMyFAQ. A remote attacker can execute arbitrary PHP code on a vulnerable system via a CSRF attack against the website administrator and completely compromise the vulnerable web...

AI score: 7.8
Exploits: 0, Affected Software: 1

Packet Storm
added 2015/12/21 12:00 a.m., 27 views

phpMyFAQ 2.7.9 PHP Code Injection


AI score: 0.5
Exploits: 0

seebug.org
added 2014/09/18 12:00 a.m., 20 views

phpMyFAQ 2.8.X - Multiple Vulnerabilities

No description provided by source. Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities; Vendor: phpmyfaq.de; Date: 04.09.19; Version: = 2.8.12 Latest ATM; Tested on: Apache 2.2 / PHP 5.4 / Linux; Contact: smash at devilteam.pl. 1. Persistent XSS: Administrator is able to view information about specific user...

AI score: 7.1
Exploits: 0

exploitpack
added 2014/09/08 12:00 a.m., 46 views

phpMyFAQ 2.8.x - Multiple Vulnerabilities

Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities; Vendor: phpmyfaq.de; Date: 04.09.19; Version: = 2.8.12 Latest ATM; Tested on: Apache 2.2 / PHP 5.4 / Linux; Contact: smash at devilteam.pl. 1. Persistent XSS: Administrator is able to view information about specif...

AI score: 7.6
Exploits: 0

Exploit DB
added 2014/09/08 12:00 a.m., 23 views

phpMyFAQ 2.8.x - Multiple Vulnerabilities

Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities; Vendor: phpmyfaq.de; Date: 04.09.19; Version: = 2.8.12 Latest ATM; Tested on: Apache 2.2 / PHP 5.4 / Linux; Contact: smash at devilteam.pl. 1. Persistent XSS: Administrator is able to view information about specific user session in 'Statistic' tab. Over...

AI score: 7
Exploits: 0

0day.today
added 2014/09/04 12:00 a.m., 32 views

phpMyFAQ 2.8.X - Multiple Vulnerabilities

Latest phpMyFAQ software suffers from multiple CSRF and XSS vulnerabilities, uh. Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities; Vendor: phpmyfaq.de; Date: 04.09.19; Version: = 2.8.12 Latest ATM; Tested on: Apache 2.2 / PHP 5.4 / Linux; Contact: smash at devilteam.pl. 1. Persistent XSS: Administrator is...

AI score: 6.6
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 13 views

PHPMyFAQ 1.5.1 Logs Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14930/info PHPMyFAQ is prone to an unauthorized access vulnerability. A remote attacker can exploit this vulnerability to view the application log file. This vulnerability could lead to the disclosure of various valid...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 9 views

PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14928/info PHPMyFAQ is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 17 views

phpMyFAQ <= 2.7.0 (ajax_create_folder.php) Remote Code Execution

No description provided by source. phpMyFAQ <= 2.7.0 (ajax_create_folder.php) Remote Code Execution Exploit. Author: Egidio Romano aka Egi...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 15 views

phpMyFAQ <= 1.6.7 - Remote SQL Injection / Command Execution Exploit

No description provided by source. SQL injection / remote command execution exploit for phpmyfaq 1.6.8. Bugtraq: http://www.securityfocus.com/bid/21944 CVS:...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 7 views

PHPMyFAQ 1.5.1 Password.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could permit remo...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 16 views

phpMyFAQ 2.5.4 and Prior Multiple Cross Site Scripting Vulnerabilities

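Vulnerability information: phpMyFAQ is a multilingual, fully database-driven FAQ system. It supports multiple databases for storing all of its data. The index.php script in phpMyFAQ contains multiple cross-site scripting vulnerabilities. Affected versions: phpMyFAQ 2.5.4, phpMyFAQ 2.5.2, phpMyFAQ 2.5.1, phpMyFAQ 2.5 -dev, phpMyFAQ 2.5. Vulnerability analysis:...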

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 8 views

phpMyFAQ <= 1.5.1 (User-Agent) Remote Shell Injection Exploit

No description provided by source. 17.34 22/09/2005, phpmyfaqxpl.php: PhpMyFaq 1.5.1 possibly prior versions shell inject, by rgod. Site: http://rgod.altervista.org. Make these changes in your php.ini if you have troubles to launch this script: allow_call_time_pass_reference = on, register_globals = on...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 10 views

PHPMyFAQ 1.5.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

AI score: 7.1
Exploits: 0

NVD
added 2014/02/14 4:55 p.m., 11 views

CVE-2014-0814

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00532
Exploits: 0, References: 6

Prion
added 2014/02/14 4:55 p.m., 18 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings...

CVSS: 6.8, AI score: 7.7, EPSS: 0.00386
Exploits: 0, References: 7, Affected Software: 1

Prion
added 2014/02/14 4:55 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00532
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2014/02/14 4:00 p.m., 46 views

CVE-2014-0814

CVE-2014-0814 describes a cross-site scripting vulnerability in phpMyFAQ before 2.8.6. The issue allows remote attackers to inject arbitrary web script or HTML through unspecified vectors, due to insufficient input sanitization in the affected software. The vulnerability affects versions 2.8.5 an...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00532
Exploits: 0, References: 6, Affected Software: 1