CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

6712 matches found

Exploit DB•added 2007/02/23 12:0 a.m.•22 views

XT:Commerce 3.04 - 'index.php' Local File Inclusion

source: https://www.securityfocus.com/bid/22698/info xt:Commerce is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. xt:Commerce 3.04 and prior...

Exploit DB•added 2007/02/22 12:0 a.m.•18 views

Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/22667/info Pyrophobia is prone to multiple input-validation vulnerabilities, including multiple local file-include issues and multiple cross-site scripting issues. An attacker can exploit these issues to steal cookie-based authentication credentials, view...

exploitpack•added 2007/02/19 12:0 a.m.•12 views

Spyce 2.1.3 - spyceexamplesrequest.spy?name Cross-Site Scripting

Spyce 2.1.3 - spyceexamplesrequest.spy?name Cross-Site Scripting source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execu...

exploitpack•added 2007/02/19 12:0 a.m.•32 views

Spyce 2.1.3 - spyceexamplesautomaton.spy Direct Request Error Message Information Disclosure

Spyce 2.1.3 - spyceexamplesautomaton.spy Direct Request Error Message Information Disclosure source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may...

exploitpack•added 2007/02/19 12:0 a.m.•15 views

Spyce 2.1.3 - docsexamplesredirect.spy Multiple Cross-Site Scripting Vulnerabilities

Spyce 2.1.3 - docsexamplesredirect.spy Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage...

exploitpack•added 2007/02/19 12:0 a.m.•15 views

Spyce 2.1.3 - spyceexamplesgetpost.spy?Name Cross-Site Scripting

Spyce 2.1.3 - spyceexamplesgetpost.spy?Name Cross-Site Scripting source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execu...

Exploit DB•added 2007/02/19 12:0 a.m.•19 views

Spyce 2.1.3 - 'spyce/examples/request.spy?name' Cross-Site Scripting

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Exploit DB•added 2007/02/19 12:0 a.m.•22 views

Spyce 2.1.3 - 'spyce/examples/getpost.spy?Name' Cross-Site Scripting

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Exploit DB•added 2007/02/19 12:0 a.m.•26 views

Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Exploit DB•added 2007/02/19 12:0 a.m.•21 views

Spyce 2.1.3 - '/docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Exploit DB•added 2007/02/19 12:0 a.m.•24 views

Spyce 2.1.3 - 'docs/examples/handlervalidate.spy?x' Cross-Site Scripting

source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Japan Vulnerability Notes•added 2007/02/14 12:0 a.m.•35 views

JVN#28356427 ColdFusion cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct a session hijacking. Solution Products Affected ColdFusion MX 7.X For more information, refer to the vendor's website...

4.3CVSS6.3AI score0.03019EPSS

Japan Vulnerability Notes•added 2007/02/09 12:0 a.m.•14 views

JVN#84430861 Sage vulnerable to arbitrary script execution

Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...

OSV•added 2007/02/07 11:28 a.m.•0 views

DEBIAN-CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

4.3CVSS6.5AI score0.01796EPSS

Exploits1References1

OSV•added 2007/02/07 11:28 a.m.•5 views

CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

Exploits0References9

Japan Vulnerability Notes•added 2007/01/29 12:0 a.m.•13 views

JVN#80271113 MODx cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...

Japan Vulnerability Notes•added 2007/01/18 12:0 a.m.•16 views

JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...

Positive Technologies•added 2007/01/13 12:0 a.m.•2 views

PT-2007-1209 · Rapid · Rapid Classified

Name of the Vulnerable Software and Affected Versions: Rapid Classified version 3.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through various parameters in different scripts,...

6.8CVSS6AI score0.0213EPSS

Exploits1References12

CVE•added 2007/01/05 11:0 a.m.•48 views

CVE-2007-0082

This entry covers CVE-2007-0082 affecting IMGallery 2.5 and earlier. The vulnerability occurs in users_adm/start1.php where files with multiple extensions are not properly handled, allowing remote authenticated users to upload and execute arbitrary PHP scripts. The documented impact is partial co...

6.5CVSS7.1AI score0.01983EPSS

Exploits1References4Affected Software1

Exploit DB•added 2007/01/05 12:0 a.m.•22 views

EditTag 1.2 - 'mkpw.pl?plain' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in t...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by