CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2005-0379

Malware in sbrugna...

4.3CVSS6.2AI score0.00504EPSS

Exploits1References6

Zero Day Initiative•added 2020/08/19 12:0 a.m.•23 views

(0Day) Horde Groupware Webmail Edition prefs sync_calendars Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within prefs.php. When parsing the synccalendars parameter, the process does not...

6.3CVSS5.1AI score

Exploits0

CVE•added 2007/10/17 1:0 a.m.•41 views

CVE-2003-1373

The provided documents describe CVE-2003-1373 as a vulnerability in PhpBB versions 1.4.0 through 1.4.4. The issue is a directory traversal that lets remote attackers read and include arbitrary files via dot-dot sequences followed by NULL (%00) characters in CGI parameters, demonstrated for the la...

6.8CVSS7.2AI score0.00155EPSS

Exploits0References3Affected Software1

Prion•added 2007/08/29 1:17 a.m.•14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in InterWorx Hosting Control Panel InterWorx-CP Webmaster Level SiteWorx 3.0.2 1 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php; and allow remote authenticated users to inject arbitrary web script or HT...

4.3CVSS5.7AI score0.01007EPSS

Exploits0References22Affected Software1

NVD•added 2007/05/13 11:19 p.m.•8 views

CVE-2007-2636

Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to 1 index.php, 2 feed.php, 3 prefs.php, and 4 todolist.php; and 5 classTodoItem.php and 6 phpTodoUser.php in libs/. NOTE: some of these details are obtained fro...

6.8CVSS6.8AI score0.00823EPSS

Exploits0References4

UbuntuCve•added 2005/05/02 4:0 a.m.•26 views

CVE-2005-0378

Multiple cross-site scripting XSS vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 group parameter to prefs.php or 2 url parameter to index.php...

4.3CVSS5.9AI score0.00504EPSS

Exploits1References1

CVE•added 2005/04/21 4:0 a.m.•49 views

CVE-2001-1472

The CVE-2001-1472 entry describes a SQL injection in phpBB 1.4.0/1.4.1 through prefs.php via the viewemail parameter. This allows remote authenticated users to execute arbitrary SQL commands and gain administrative access. Affected: phpBB 1.4.0 and 1.4.1; vulnerability originates from the handlin...

4.6CVSS8.5AI score0.00835EPSS

Exploits1References4Affected Software1

Cvelist•added 2005/04/21 4:0 a.m.•16 views

CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables 1 $lstatsblock in prefs.php or 2 $lprivnotify in auth.php from being properly initialized, which can be modified by the user and later...

8.8AI score0.01172EPSS

Exploits1References5

CVE•added 2005/04/21 4:0 a.m.•42 views

CVE-2001-1471

CVE-2001-1471 affects phpBB versions 1.4.0 and earlier. The root cause is an invalid language value in prefs.php (and related auth.php handling) that can let a remote authenticated user modify variables (e.g., $l_statsblock, $l_privnotify) and later use them in an eval, enabling arbitrary PHP cod...

8.8CVSS7.6AI score0.01172EPSS

Exploits1References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by