Lucene search

100 matches found

NVD
added 2005/07/13 4:00 a.m., 11 views

CVE-2005-2253

SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description...

7.5 CVSS, 7.5 AI score, 0.00518 EPSS
Exploits: 1, References: 2
Cvelist
added 2005/07/13 4:00 a.m., 16 views

CVE-2005-2255

Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php...

6.2 AI score, 0.00265 EPSS
Exploits: 1, References: 2
CVE
added 2005/07/13 4:00 a.m., 47 views

CVE-2005-2255

CVE-2005-2255 describes a directory traversal in PhpAuction 2.5 where an attacker can manipulate the lan parameter in index.php or admin/index.php to read arbitrary files, include local PHP files, or glean sensitive path information. The root cause is improper validation of the lan parameter allo...

6.4 CVSS, 6.3 AI score, 0.00265 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2005/07/13 4:00 a.m., 17 views

CVE-2005-2253

SQL injection vulnerability in PhpAuction 2.5 allows remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description...

7.5 AI score, 0.00518 EPSS
Exploits: 1, References: 2
NVD
added 2005/07/13 4:00 a.m., 12 views

CVE-2005-2254

Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auctionid parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not...

4.3 CVSS, 5.8 AI score, 0.00389 EPSS
Exploits: 1, References: 2
NVD
added 2005/07/13 4:00 a.m., 8 views

CVE-2005-2252

PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID...

7.5 CVSS, 7.2 AI score, 0.00472 EPSS
Exploits: 0, References: 2
Cvelist
added 2005/07/13 4:00 a.m., 15 views

CVE-2005-2252

PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID...

7.2 AI score, 0.00472 EPSS
Exploits: 0, References: 2
CVE
added 2005/07/13 4:00 a.m., 43 views

CVE-2005-2252

Summary (CVE-2005-2252): PhpAuction 2.5 is affected by an authentication bypass vulnerability where an attacker can set the PHPAUCTION_RM_ID cookie to a target user’s ID to gain privileges as that user. The Nessus plugin PHPAUCTION_MULT_VULNS.NASL documents this issue among others (e.g., RCE, SQL...

7.5 CVSS, 7.2 AI score, 0.00472 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2005/07/13 4:00 a.m., 18 views

CVE-2005-2255

Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php...

6.4 CVSS, 6.2 AI score, 0.00265 EPSS
Exploits: 1, References: 2
CVE
added 2005/07/13 4:00 a.m., 40 views

CVE-2005-2254

The connected NASL/Nessus entry confirms CVE-2005-2254 affects Phpauction

4.3 CVSS, 5.8 AI score, 0.00389 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2005/07/13 4:00 a.m., 43 views

CVE-2005-2253

CVE-2005-2253 is a SQL injection in PhpAuction 2.5, where an attacker can modify SQL queries through the category parameter in adsearch.php. Root cause: unsanitized input used in database queries. Affected: PhpAuction 2.5. Impact: as described by CVE/NVD (base score 7.5, HIGH). Exploitation detai...

7.5 CVSS, 7.5 AI score, 0.00518 EPSS
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2005/07/07 12:00 a.m., 13 views

PHPAUCTION Multiple Vulnerabilities

Binary data 3055.prm...

6.4 CVSS, 7.3 AI score, 0.00265 EPSS
Exploits: 1, References: 1
Packet Storm
added 2005/07/07 12:00 a.m., 21 views

phpAuctionMulti.txt

Dcrab's Security Advisory...

7.4 AI score
Exploits: 0
Exploit DB
added 2005/07/07 12:00 a.m., 25 views

phpAuction 2.5 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/14184/info PHPAuction is affected by multiple remote vulnerabilities. These issues can allow an attacker to gain unauthorized access to a site and carry out SQL injection and cross-site scripting attacks. PHPAuction 2.5 is reported to be affected by these...

7 AI score
Exploits: 0
exploitpack
added 2005/07/07 12:00 a.m., 24 views

phpAuction 2.5 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/14184/info PHPAuction is affected by multiple remote vulnerabilities. These issues can allow an attacker to gain unauthorized access to a site and carry out SQL injection and cross-site scripting attacks. PHPAucti...

0.6 AI score
Exploits: 0
CVE
added 2003/04/02 5:00 a.m., 149 views

CVE-2002-0995

PHPAuction's login.php is vulnerable: a direct call with action=insert allows remote attackers to add a username to the adminUsers table, effectively gaining privileges. The CVE entry documents this privilege escalation and labels it high severity (CVSS v2 base score 7.5). The provided sources co...

7.5 CVSS, 7.3 AI score, 0.07134 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2003/04/02 5:00 a.m., 15 views

CVE-2002-0995

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table...

6.9 AI score, 0.07134 EPSS
Exploits: 1, References: 4
NVD
added 2002/10/04 4:00 a.m., 18 views

CVE-2002-0995

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table...

7.5 CVSS, 6.9 AI score, 0.07134 EPSS
Exploits: 1, References: 4
Exploit DB
added 2002/07/02 12:00 a.m., 108 views

phpAuction 1/2 - Unauthorized Administrative Access

source: https://www.securityfocus.com/bid/5141/info PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine. A flaw in /admin/login.php has been reported in PHPAuction, which could allow users to gain escalated privileges...

7.4 AI score
Exploits: 0
exploitpack
added 2002/07/02 12:00 a.m., 12 views

phpAuction 1/2 - Unauthorized Administrative Access

source: https://www.securityfocus.com/bid/5141/info PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine. A flaw in /admin/login.php has been reported in PHPAuction, whic...

1.3 AI score
Exploits: 0