CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

633 matches found

Prion•added 2008/06/30 6:24 p.m.•19 views

Sql injection

SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The queid parameter to forumanswer.php is already covered by CVE-2007-4085...

7.5CVSS8.7AI score0.00541EPSS

Exploits2References4Affected Software1

Packet Storm•added 2008/06/21 12:0 a.m.•21 views

phpauction-sql.txt

Viva IslaM Viva IslaM Remote SQL Injection Vulnerability PHPAuction profile.php userid AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM & WwW.ATsDp.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : PHPAuction site : www.phpauctions.info D0rk1 : allinurl: "profile.php?userid" auctionid D0rk2 :...

7.4AI score

Exploits0

seebug.org•added 2008/06/21 12:0 a.m.•44 views

PHPAuction (profile.php user_id) Remote SQL Injection Vulnerability

No description provided by source. Viva IslaM Viva IslaM Remote SQL Injection Vulnerability PHPAuction profile.php userid AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM & WwW.ATsDp.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : PHPAuction site : www.phpauctions.info D0rk1 : allinurl:...

7.1AI score

Exploits0

Exploit DB•added 2008/06/21 12:0 a.m.•16 views

phpAuction - 'profile.php' SQL Injection (2)

source: https://www.securityfocus.com/bid/29856/info PHPAuction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

7.4AI score

Exploits0

Exploit DB•added 2008/06/20 12:0 a.m.•61 views

phpAuction - 'profile.php' SQL Injection (1)

7.4AI score

Exploits0

0day.today•added 2008/06/20 12:0 a.m.•66 views

PHPAuction (profile.php user_id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications =================================================================== PHPAuction profile.php userid Remote SQL Injection Vulnerability =================================================================== Viva IslaM Viva IslaM Remote SQL...

7.1AI score

Exploits0

exploitpack•added 2008/06/20 12:0 a.m.•26 views

phpAuction - profile.php SQL Injection (1)

phpAuction - profile.php SQL Injection 1 Viva IslaM Viva IslaM Remote SQL Injection Vulnerability PHPAuction profile.php userid AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM & WwW.ATsDp.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : PHPAuction site : www.phpauctions.info D0rk1 : allinurl:...

0.5AI score

Exploits0

Prion•added 2008/05/27 2:32 p.m.•12 views

Sql injection

Multiple SQL injection vulnerabilities in Web Group Communication Center WGCC 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 userid parameter to a profile.php in a "show moreinfo" action; the 2 bildid parameter to b picturegallery.php i...

7.5CVSS8.8AI score0.00541EPSS

Exploits1References4Affected Software1

CVE•added 2008/05/27 2:0 p.m.•34 views

CVE-2008-2446

CVE-2008-2446 affects Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier. Multiple SQL injection vulnerabilities allow arbitrary SQL execution via parameters in several actions: (1) userid in profile.php (show moreinfo), (2) bildid in picturegallery.php (shownext), (3) id in fil...

7.5CVSS8AI score0.00541EPSS

Exploits1References4Affected Software1

Cvelist•added 2008/05/27 2:0 p.m.•22 views

CVE-2008-2446

8AI score0.00541EPSS

Exploits1References4

Prion•added 2008/05/14 6:20 p.m.•8 views

Directory traversal

Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the settingslocale parameter to 1 forum.php and 2 profile.php in infusions/ranksystem/. NOTE: the provenance of this information i...

6.8CVSS7.6AI score0.01926EPSS

Exploits1References4Affected Software1

Cvelist•added 2008/05/14 6:0 p.m.•16 views

CVE-2008-2227

7AI score0.01926EPSS

Exploits1References4

CVE•added 2008/02/21 12:0 a.m.•44 views

CVE-2008-0851

CVE-2008-0851 affects Dokeos 1.8.4 with multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can inject arbitrary web script/HTML via (1) username in inscription.php, (2) courseCode in main/calendar/myagenda.php, (3) category in main/admin/course_category.php, (4) message in main...

4.3CVSS5.8AI score0.0313EPSS

Exploits1References7Affected Software1

Prion•added 2008/01/09 10:46 p.m.•9 views

Sql injection

SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page possibly profile.php...

7.5CVSS9.1AI score0.0055EPSS

Exploits0References5Affected Software1

NVD•added 2007/10/30 9:46 p.m.•13 views

CVE-2007-5724

Multiple cross-site scripting XSS vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via 1 the categoryid parameter to users/kb.php, and possibly 3 the Email Box field in profile.php...

4.3CVSS5.9AI score0.02624EPSS

Exploits1References6

Cvelist•added 2007/10/23 1:0 a.m.•15 views

CVE-2003-1458

SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name...

8.4AI score0.00492EPSS

Exploits1References4

CVE•added 2007/10/23 1:0 a.m.•45 views

CVE-2003-1458

CVE-2003-1458 affects ttCMS 2.2 and ttForum via a SQL injection vulnerability in Profile.php, exploitable through the member name to execute arbitrary SQL commands. The vulnerability is remote and the documented impact is partial confidentiality, integrity, and availability. Exploitation details ...

7.5CVSS8.4AI score0.00492EPSS

Exploits1References4Affected Software2

Prion•added 2007/09/21 7:17 p.m.•20 views

Cross site scripting

Cross-site scripting XSS vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profileinfo editprofile action...

4.3CVSS6.1AI score0.00409EPSS

Exploits0References5Affected Software1

NVD•added 2007/09/21 7:17 p.m.•11 views

CVE-2007-5033

Cross-site scripting XSS vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profileinfo editprofile action...

4.3CVSS5.7AI score0.00409EPSS

Exploits0References5

CVE•added 2007/09/21 6:0 p.m.•40 views

CVE-2007-5033

The provided data confirms CVE-2007-5033 is an XSS vulnerability in profile.php of phpBB XS 2. The flaw allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action. Affected component: profile.php in phpBB XS 2; root cause: insuffi...

4.3CVSS5.7AI score0.00409EPSS

Exploits0References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by