Lucene search
+L

27 matches found

0day.today
0day.today
added 2008/09/10 12:0 a.m.28 views

Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit

Exploit for unknown platform in category web applications ============================================================== Wordpress 2.6.1 SQL Column Truncation Admin Takeover Exploit ============================================================== !/usr/bin/php =5.2.1 you'll need to be as well, in...

7.1AI score
Exploits0
Prion
Prion
added 2007/12/17 6:46 p.m.21 views

Code injection

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...

7.5CVSS7.8AI score0.02412EPSS
Exploits0References4Affected Software1
securityvulns
securityvulns
added 2006/10/21 12:0 a.m.56 views

[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation

Hi, Kaspersky Products are prone to a local privilege escalation. Unprivileged users can exploit this flaw in order to execute arbitrary code with Kernel privileges. Kaspersky implements its NDIS-TDI Hooking Engine using two drivers, which rely on an internal system of plugins. Plugin registering...

1.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/09/08 12:0 a.m.32 views

PHP-Fusion extract() Global Variable Overwriting

The version of PHP-Fusion on the remote host supports registering variables from user-supplied input in the event that PHP's 'registerglobals' setting is disabled, which is the default in current versions of PHP. Unfortunately, the way that this has been implemented in the version on the remote...

2.6CVSS5.6AI score0.01146EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2006/06/26 12:0 a.m.31 views

bingbox.txt

Bingbox.com Homepage: http://www.bingbox.com Affected files: Profile input boxes: - City input Registering Viewing Birthdays Adding a friend Viewing people online ----------------------------------------------- XSS with cookie disclosure via inviting friends:...

7.4AI score
Exploits0
Prion
Prion
added 2006/05/03 10:2 a.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in Russcom Network Loginphp Russcom.Loginphp allows remote attackers to inject arbitrary web script or HTML via the username field when registering...

4.3CVSS6.1AI score0.0118EPSS
Exploits0References5
NVD
NVD
added 2006/05/03 10:2 a.m.20 views

CVE-2006-2160

Cross-site scripting XSS vulnerability in Russcom Network Loginphp Russcom.Loginphp allows remote attackers to inject arbitrary web script or HTML via the username field when registering...

4.3CVSS5.7AI score0.0118EPSS
Exploits0References5
Rows per page
Query Builder