CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2010/07/25 2:4 a.m.•8 views

CVE-2010-2854

Multiple cross-site scripting XSS vulnerabilities in modfile.php in Event Horizon EVH 1.1.10, when magicquotesgpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the 1 YourEmail and 2 VerificationNumber parameters, which are not properly handled in a forced SQL erro...

2.6CVSS6.2AI score0.00263EPSS

Exploits0References2

Prion•added 2010/07/25 2:4 a.m.•7 views

Cross site scripting

2.6CVSS6.7AI score0.00263EPSS

Exploits0References2Affected Software1

Cvelist•added 2010/07/23 8:0 p.m.•10 views

CVE-2010-2854

6.2AI score0.00263EPSS

Exploits0References2

NVD•added 2010/07/13 6:30 p.m.•13 views

CVE-2010-2722

Cross-site scripting XSS vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artistid parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the...

4.3CVSS5.9AI score0.00263EPSS

Cvelist•added 2010/07/13 6:0 p.m.•17 views

CVE-2010-2722

5.9AI score0.00263EPSS

CVE•added 2010/07/13 6:0 p.m.•41 views

CVE-2010-2722

CVE-2010-2722 describes an XSS vulnerability in RightInPoint Lyrics Script 3.0 (index.php) where the attacker can inject arbitrary script via the artist_id parameter, due to inadequate handling of data in a forced SQL error message. The affected component is the web interface’s index.php for Lyri...

4.3CVSS6.1AI score0.00263EPSS

NVD•added 2010/05/07 8:30 p.m.•13 views

CVE-2010-1854

Cross-site scripting XSS vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the idauk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; th...

4.3CVSS5.8AI score0.00318EPSS

Prion•added 2010/05/07 8:30 p.m.•11 views

Cross site scripting

4.3CVSS6.4AI score0.02677EPSS

Exploits1References1

CVE•added 2010/05/07 8:0 p.m.•38 views

CVE-2010-1854

CVE-2010-1854 concerns an XSS in auktion.php of Pay Per Watch & Bid Auktions System, exploitable through the id_auk parameter, where an injected script/HTML appears in a forced SQL error message. Related records (NVD/Red Hat) confirm this vulnerability and its association to CVE-2010-1855 (SQL in...

4.3CVSS6.1AI score0.00318EPSS

Cvelist•added 2010/05/07 8:0 p.m.•12 views

CVE-2010-1854

5.8AI score0.00318EPSS

exploitpack•added 2010/04/29 12:0 a.m.•12 views

chCounter - indirect SQL Injection Cross-Site Scripting

chCounter - indirect SQL Injection Cross-Site Scripting Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...

0.3AI score

Exploit DB•added 2010/04/29 12:0 a.m.•21 views

chCounter - indirect SQL Injection / Cross-Site Scripting

Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Informati...

7.4AI score

Prion•added 2010/04/09 6:30 p.m.•6 views

Cross site scripting

Cross-site scripting XSS vulnerability in tsother.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message...

4.3CVSS6.6AI score0.00263EPSS

CVE•added 2010/04/09 6:0 p.m.•38 views

CVE-2010-1339

CVE-2010-1339 is a cross-site scripting (XSS) vulnerability affecting the WoltLab Burning Board installation using the Teamsite Hack plugin (3.0 and earlier). The issue is triggered by the userid parameter in a modboard action within ts_other.php, where user input is inappropriately handled insid...

4.3CVSS6.2AI score0.00263EPSS

Prion•added 2010/03/23 7:30 p.m.•7 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...

4.3CVSS6.6AI score0.00263EPSS

NVD•added 2010/03/23 7:30 p.m.•9 views

CVE-2010-1076

4.3CVSS6AI score0.00263EPSS

Cvelist•added 2010/01/21 10:0 p.m.•19 views

CVE-2010-0376

Cross-site scripting XSS vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...

6AI score0.0278EPSS

Exploits1References5

CVE•added 2010/01/21 10:0 p.m.•44 views

CVE-2010-0376

CVE-2010-0376 is an XSS vulnerability in JCE-Tech PHP Calendars, specifically in product_list.php where the cat parameter can be exploited to inject arbitrary HTML/Script. The issue is described as arising from a forced SQL error message related to CVE-2010-0375. Connected sources confirm the vul...

4.3CVSS6.3AI score0.0278EPSS

Exploits1References5Affected Software1

0day.today•added 2009/12/13 12:0 a.m.•15 views

Piwigo v2.0.6 Multiple Vulnerabilities

Exploit for unknown platform in category web applications ========================================= Piwigo : mysqlfetcharray expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\piwigo-2.0.6\include\functions.inc.php on line 936 The parentid and imageid and unsanitized however...

7.1AI score