Lucene search
3014 matches found

Cvelist
added 2008/06/10 6:0 p.m., 17 views

CVE-2008-2646

Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to addjournalmask.inc.php, (3) InsertBibliography parameter to insertmask.inc.php, and (4) LabelYear...

5.8 AI score, 0.01445 EPSS
Exploits 1, References 4

Packet Storm
added 2008/06/09 12:0 a.m., 23 views

fastfree-rfi.txt

Fast Free Media Script Remote Code Injection Exploit Coded By Liz0ziM Web:www.biyosecurity.com Dork:"Powered by FastFreeMedia.com" & inurl:cat-1-p0.html & inurl:page.php?page=topvids & inurl:page.php?page=topgames TARGET HOST: Example:www.sexwhispers.com TARGET PATH: Example:/ or /scriptpath/ ADM...

7.4 AI score
Exploits 0

CVE
added 2008/06/04 7:17 p.m., 119 views

CVE-2008-1947

CVE-2008-1947 is an XSS vulnerability in Apache Tomcat, affecting 5.5.9–5.5.26 and 6.0.0–6.0.16. It allows remote attackers to inject arbitrary web script or HTML via the name parameter (the hostname attribute) to host-manager/html/add. The connected documents confirm the affected product/version...

4.3 CVSS, 6.6 AI score, 0.09776 EPSS
Exploits 2, References 52, Affected Software 1

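seebug.org
added 2008/04/09 12:0 a.m., 21 views

F5 BIG-IP Management Interface NEW_VALUE Parameter Remote Code Injection Vulnerability

BUGTRAQ ID: 28639 F5 BIG-IP is an all-in-one network device that integrates network traffic management, an application security manager, load balancing and other functions. The BIG-IP configuration utility contains an input validation vulnerability that a remote attacker may be able to exploit to execute arbitrary commands on the system. The F5 BIG-IP reconfiguration tool used by the web management interface and the CLI does not properly filter certain reconfiguration requests; if the logged-in user has Resource Manager or Administrator privileges, arbitrary Perl code can be injected, producing Unix shell commands that are executed with root privileges. The cause of this vulnerability is that single quotes in NEWVALUE are used without being escaped in Perl EP3 that contains a template similar to the following:...

6.9 AI score
Exploits 0
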
Prion
added 2008/04/04 12:44 a.m., 21 views

Code injection

The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...

9.3 CVSS, 7.2 AI score, 0.02246 EPSS
Exploits 1, References 7, Affected Software 1

CVE
added 2008/04/02 5:0 p.m., 46 views

CVE-2008-1621

GeegCarts is affected by CVE-2008-1621 with malicious scripts injectable through the id parameter to show.php, search.php, and view.php. The issue is described as multiple cross-site scripting (XSS) vulnerabilities that could allow remote attackers to inject arbitrary web script or HTML. Affected...

4.3 CVSS, 5.7 AI score, 0.01476 EPSS
Exploits 1, References 3, Affected Software 1

Prion
added 2008/03/10 5:44 p.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action...

4.3 CVSS, 6.1 AI score, 0.01189 EPSS
Exploits 1, References 2

CVE
added 2008/03/10 5:0 p.m., 43 views

CVE-2008-1225

WebCT Campus Edition 4.1.5.8 contains multiple XSS vulnerabilities when “Don’t wrap text” is enabled, allowing remote authenticated users to inject arbitrary script/HTML via a mail message or discussion board message. Root cause is input handling in the discussion/mail features; exploit details a...

4.3 CVSS, 5.4 AI score, 0.01706 EPSS
Exploits 1, References 6, Affected Software 1

NVD
added 2008/03/06 12:44 a.m., 17 views

CVE-2008-1183

Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax Live Help (CSLH) before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) livehelp.php, (2) userquestions.php, and (3) leavemessage.php. NOTE: the lostsheep.php vector is covered by...

4.3 CVSS, 5.7 AI score, 0.01033 EPSS
Exploits 0, References 4

Cvelist
added 2008/02/21 7:0 p.m., 22 views

CVE-2008-0872

Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message...

5.6 AI score, 0.0172 EPSS
Exploits 1, References 6

Vulnrichment
added 2008/02/15 12:0 a.m., 6 views

CVE-2008-0642

Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...

6.2 AI score, 0.01281 EPSS
Exploits 0, References 5

CVE
added 2008/02/15 12:0 a.m., 52 views

CVE-2008-0642

CVE-2008-0642 describes a cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, potentially involving WebHelp5 (WebHelp5Ext) or WildFire (WildFireExt) extensions. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors and is...

6.1 CVSS, 5.8 AI score, 0.01281 EPSS
Exploits 0, References 5, Affected Software 1

Prion
added 2008/02/14 11:0 p.m., 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the viewtype parameter to graph.php; (2) the filter parameter to graphview.php; (3) the action parameter to the drawnavigationtext...

4.3 CVSS, 6 AI score, 0.05246 EPSS
Exploits 1, References 22, Affected Software 1

securityvulns
added 2008/02/05 12:0 a.m., 54 views

[OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed

Openads security advisory OPENADS-SA-2008-001 Advisory ID: OPENADS-SA-2008-001 Date: 2008-Feb-04 Security risk: Critical Applications affected: Openads...

2.2 AI score
Exploits 0

Prion
added 2008/02/01 8:0 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter...

4.3 CVSS, 6.1 AI score, 0.01073 EPSS
Exploits 2, References 4, Affected Software 1

Cvelist
added 2008/01/28 11:0 p.m., 39 views

CVE-2008-0409

Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL...

5.5 AI score, 0.01343 EPSS
Exploits 7, References 8

OpenVAS
added 2008/01/17 12:0 a.m., 28 views

Debian Security Advisory DSA 925-1 (phpbb2)

The remote host is missing an update to phpbb2 announced via advisory DSA 925-1. Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3310 Multiple...

7.5 CVSS, 0.6 AI score, 0.02367 EPSS
Exploits 1

OpenVAS
added 2008/01/17 12:0 a.m., 38 views

Debian Security Advisory DSA 775-1 (mozilla)

The remote host is missing an update to mozilla announced via advisory DSA 775-1. A vulnerability has been discovered in Mozilla and Mozilla Firefox that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site. Thunderbird is not affected by this and...

7.5 CVSS, 0.6 AI score, 0.02589 EPSS
Exploits 0

OpenVAS
added 2008/01/17 12:0 a.m., 11 views

Debian: Security Advisory (DSA-988-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS, 6.7 AI score, 0.02296 EPSS
Exploits 1, References 3

NVD
added 2008/01/04 11:46 a.m., 10 views

CVE-2007-6652

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...

7.5 CVSS, 7.8 AI score, 0.04154 EPSS
Exploits 0, References 4