Lucene search

3278 matches found

NVD
added 2007/10/18 9:17 p.m., 18 views

CVE-2007-5577

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item...

CVSS 4.3, AI score 5.7, EPSS 0.02151
Exploits 0, References 7
Cvelist
added 2007/10/18 9:0 p.m., 30 views

CVE-2007-5577

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item...

AI score 5.7, EPSS 0.02151
Exploits 0, References 7
CVE
added 2007/10/18 9:0 p.m., 62 views

CVE-2007-5577

CVE-2007-5577 affects Joomla! (pre-1.0.13, aka Sunglow). The vulnerability allows remote XSS via the Section Manager’s Title/Section Name fields and multiple fields in New Menu Item, enabling injection of arbitrary script/HTML. Affected component/versions are stated; impact is client-side script ...

CVSS 4.3, AI score 5.7, EPSS 0.02151
Exploits 0, References 7, Affected Software 1
NVD
added 2007/10/16 11:17 p.m., 21 views

CVE-2007-5487

Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file...

CVSS 9.3, AI score 7.8, EPSS 0.05757
Exploits 1, References 5
xssed
added 2007/10/08 12:0 a.m., 11 views

Unfixed XSS vulnerability at www.thirdage.com

Security researcher Darkster has submitted on 10/08/2007 a cross-site-scripting (XSS) vulnerability affecting www.thirdage.com, which at the time of submission ranked 46001 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/08/2007. It is...

AI score 6.6
Exploits 0, References 1
Cvelist
added 2007/09/24 10:0 p.m., 18 views

CVE-2007-5059

Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the...

AI score 5.4, EPSS 0.01859
Exploits 0, References 6
Prion
added 2007/09/10 9:17 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section...

CVSS 4.3, AI score 6.2, EPSS 0.01279
Exploits 1, References 6, Affected Software 1
NVD
added 2007/09/10 9:17 p.m., 17 views

CVE-2007-4779

Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section...

CVSS 4.3, AI score 5.8, EPSS 0.01279
Exploits 1, References 6
Cvelist
added 2007/09/10 9:0 p.m., 24 views

CVE-2007-4779

Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section...

AI score 5.8, EPSS 0.01279
Exploits 1, References 6
Exploit DB
added 2007/09/01 12:0 a.m., 56 views

Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection

!/usr/bin/php -q -d shortopentag=on getPageParameters; switch $params-get'filtertype', 'title' case 'title' : $where .= ' AND LOWER a.title LIKE '%'.$filter.'%''; break; case 'author' : $where .= ' AND LOWER u.name LIKE '%'.$filter.'%' OR LOWER a.createdbyalias LIKE '%'.$filter.'%' '; break;...

AI score 7
Exploits 0
xssed
added 2007/05/20 12:0 a.m., 18 views

Unfixed XSS vulnerability at www.unicycle.com

Security researcher KURDISHMOD has submitted on 20/05/2007 a cross-site-scripting (XSS) vulnerability affecting www.unicycle.com, which at the time of submission ranked 220478 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/05/2007. It is...

Exploits 0, References 1
exploitpack
added 2007/05/14 12:0 a.m., 24 views

webdesproxy 0.0.1 - exec-shield GET Remote Code Execution

webdesproxy 0.0.1 - exec-shield GET Remote Code Execution / Fedora Core 6 exec-shield based Webdesproxy webdesproxy-0.0.1.tgz remote root exploit reverse connect-back method by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL:...

AI score 0.2
Exploits 0
ATTACKERKB
added 2007/04/12 12:19 a.m., 3 views

CVE-2007-1974

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...

CVSS 7.5, AI score 6.4, EPSS 0.05532
Exploits 0, References 20
Prion
added 2007/04/12 12:19 a.m., 15 views

Sql injection

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...

CVSS 7.5, AI score 8.8, EPSS 0.05532
Exploits 0, References 19, Affected Software 3
NVD
added 2007/04/12 12:19 a.m., 19 views

CVE-2007-1974

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...

CVSS 7.5, AI score 8.4, EPSS 0.05532
Exploits 0, References 19
Cvelist
added 2007/04/12 12:0 a.m., 27 views

CVE-2007-1974

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...

AI score 8.4, EPSS 0.05532
Exploits 0, References 19
CVE
added 2007/04/12 12:0 a.m., 54 views

CVE-2007-1974

The CVE-2007-1974 entry describes an SQL injection in WF-Section (XOOPS WF-Section) 1.0.1, via the articleid parameter to print.php, affecting the getArticle function in class/wfsarticle.php. Affected component is the WF-Section XOOPS module; the vulnerability arises from inadequate input sanitiz...

CVSS 7.5, AI score 8.4, EPSS 0.05532
Exploits 0, References 19, Affected Software 3
Tenable Nessus
added 2007/04/03 12:0 a.m., 27 views

XOOPS WF-Section Module print.php articleid Parameter SQL Injection

The remote host is running the WF-Section module, a third-party module for XOOPS. The version of this module installed on the remote host fails to properly sanitize user-supplied input to the 'articleid' parameter of the 'modules/wfsection/print.php' script before using it to build a database...

CVSS 7.5, AI score 5.6, EPSS 0.05532
Exploits 0, References 2
0day.today
added 2007/04/02 12:0 a.m., 37 views

XOOPS Module WF-Section <= 1.01 (articleid) SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================================= XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n";...

AI score 7.1
Exploits 0
Exploit DB
added 2007/04/02 12:0 a.m., 44 views

XOOPS Module WF-Section 1.01 - 'articleId' SQL Injection

!/usr/bin/perl Script Name: XOOPS Module WF-Section : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User ID uid: "; $id = ; chop $id; $target =...

AI score 7
Exploits 0