Lucene search
K

38 matches found

seebug.org
seebug.org
added 2008/11/22 12:0 a.m.14 views

Ez Ringtone Manager Multiple Remote File Disclosure Vulnerabilities

No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Ez Ringtone Manager Multiple Vulnerabilities + + + + Discovered by b3hz4d + + + + WwW.DeltaHacking.Net + + + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/11/22 12:0 a.m.38 views

Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Ez Ringtone Manager Multiple Vulnerabilities + + + + Discovered by b3hz4d + + + + WwW.DeltaHacking.Net + + + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ APA Center of Yazd University...

7AI score
Exploits0
Prion
Prion
added 2008/05/08 4:20 p.m.17 views

Directory traversal

Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. dot dot in the 1 te and 2 dir parameters in a tempedit action...

4.4CVSS7.2AI score0.0254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/05/08 4:0 p.m.24 views

CVE-2008-2116

Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. dot dot in the 1 te and 2 dir parameters in a tempedit action...

6.7AI score0.0254EPSS
Exploits0References5
CVE
CVE
added 2008/05/08 4:0 p.m.45 views

CVE-2008-2116

CVE-2008-2116 affects ScriptsEZ.net Power Editor 2.0: directory traversal in editor.php allows reading arbitrary local files via a .. sequence in the te and dir parameters of the tempedit action. Root cause is improper input handling of path traversal; impact is partial confidentiality/integrity/...

4.4CVSS6.8AI score0.0254EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2008/05/08 4:0 p.m.53 views

CVE-2008-2115

CVE-2008-2115 concerns multiple cross-site scripting (XSS) vulnerabilities in editor.php of ScriptsEZ.net Power Editor 2.0. The flaws allow remote attackers to inject arbitrary web script or HTML via the te and dir parameters in a tempedit action. NVD records a base score of 4.3 (MEDIUM) with net...

4.3CVSS5.8AI score0.0149EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2007/02/24 1:28 a.m.13 views

CVE-2006-7059

Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...

4.3CVSS5.8AI score0.01107EPSS
Exploits1References5
NVD
NVD
added 2007/02/24 1:28 a.m.9 views

CVE-2006-7060

cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message...

5CVSS6.5AI score0.01309EPSS
Exploits1References3
CVE
CVE
added 2007/02/24 1:0 a.m.34 views

CVE-2006-7060

The CVE-2006-7060 entry concerns the Scriptsez.net E-Dating System, specifically the file/component cindex.php. Affected behavior is a remote disclosure where an invalid id parameter in a dologin action causes an error message that reveals the full filesystem path, leading to potential informatio...

5CVSS6.9AI score0.01309EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2007/02/24 1:0 a.m.35 views

CVE-2006-7059

CVE-2006-7059 affects Scriptsez.net E-Dating System. The issue is multiple cross-site scripting (XSS) vulnerabilities that let remote attackers inject arbitrary script/HTML via encoded entities (&#0000039) in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin opera...

4.3CVSS6AI score0.01107EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2007/02/24 1:0 a.m.17 views

CVE-2006-7060

cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message...

6.5AI score0.01309EPSS
Exploits1References3
Cvelist
Cvelist
added 2007/02/24 1:0 a.m.19 views

CVE-2006-7061

Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting XSS attacks...

5.8AI score0.01796EPSS
Exploits0References3
CVE
CVE
added 2007/02/24 1:0 a.m.46 views

CVE-2006-7061

CVE-2006-7061 affects Scriptsez.net E-Dating System. The vulnerability stems from storing data files with predictable names under the web document root and insufficient access control, enabling remote attackers to read private messages and potentially leverage them for XSS. The connected document...

9.3CVSS6.1AI score0.01796EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/02/24 1:0 a.m.18 views

CVE-2006-7059

Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...

5.8AI score0.01107EPSS
Exploits1References5
NVD
NVD
added 2007/02/15 2:28 a.m.10 views

CVE-2007-0952

Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the 1 t and 2 yr parameters, and the 3 sho parameter when the m parameter is outside the intended range...

6.8CVSS5.8AI score0.01146EPSS
Exploits0References4
Prion
Prion
added 2007/02/15 2:28 a.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the 1 t and 2 yr parameters, and the 3 sho parameter when the m parameter is outside the intended range...

6.8CVSS6.1AI score0.01146EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/02/15 2:0 a.m.16 views

CVE-2007-0952

Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the 1 t and 2 yr parameters, and the 3 sho parameter when the m parameter is outside the intended range...

5.8AI score0.01146EPSS
Exploits0References4
securityvulns
securityvulns
added 2006/06/09 12:0 a.m.25 views

E-Dating System from scriptsez.net - XSS

E-Dating System Homepage: http://www.scriptsez.net/ Effected files: Input boxes. cindex.php Description: A Professional dating system that uses flatfiles instead of MySQL. XSS Vulnerabilities PoC: The input boxes of sending a message, and editing your profile do not properally filter user input...

6AI score
Exploits0
Rows per page
Query Builder