
61 matches found

NVD
added 2012/08/31 9:55 p.m., 10 views

CVE-2011-5144

Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function...

CVSS 5 | AI score 6.3 | EPSS 0.01489
Exploits 1 | References 4

Prion
added 2012/08/31 9:55 p.m., 20 views

Design/Logic Flaw

Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function...

CVSS 5 | AI score 6.8 | EPSS 0.01489
Exploits 1 | References 4 | Affected Software 1

CVE
added 2012/08/31 9:0 p.m., 47 views

CVE-2011-5144

Open Business Management (OBM) server vulnerability CVE-2011-5144 affects OBM 2.4.0-rc13 and earlier. A direct request to test.php triggers phpinfo(), allowing remote attackers to obtain configuration information, i.e., partial disclosure of sensitive data. This is a server-side information discl...

CVSS 5 | AI score 6.5 | EPSS 0.01489
Exploits 1 | References 4 | Affected Software 1

exploitpack
added 2012/03/21 12:0 a.m., 40 views

Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload

Open Journal Systems OJS 2.3.6 - Multiple Script Arbitrary File Upload source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletion...

AI score 7.4
Exploits 0

NVD
added 2011/09/23 11:55 p.m., 11 views

CVE-2011-3749

ka-Map 1.0-20070205 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test.php and certain other files...

CVSS 5 | AI score 6.1 | EPSS 0.01229
Exploits 0 | References 3

0day.today
added 2010/06/23 12:0 a.m., 37 views

MyCommunity <= V1.02 Remote Code Execution

Exploit for php platform in category web applications. MyCommunity <= V1.02 Remote Code Execution...

AI score 7.1
Exploits 0

seebug.org
added 2009/02/28 12:0 a.m., 24 views

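SupeV 1.0.1 Video Podcast: Multiple Security Vulnerabilities

SupeV is Discuz's video podcast product. Vulnerable file: test.php in the api directory. Looking straight at the code: $str=filegetcontents $thumb ;// first, line 18 uses filegetcontents to read the contents of the file given by the $thumb parameter; note that remote files can also be read here, $path = ".".getthumbpath $vid ;// line 19 obtains the path parameter $vid $optbig = array "targetfile" = $path.".jpg", "attach" = $attach'attach', "ext" = $attach'extension', "ratio" = fals...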

AI score 7.1
Exploits 0

0day.today
added 2008/12/14 12:0 a.m., 159 views

PHP Weather 2.2.2 (LFI/XSS) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. PHP Weather 2.2.2 (LFI/XSS) Multiple Remote Vulnerabilities. Lfi/xss script: phpweather-2.2.2 download...

AI score 7.1
Exploits 0

Exploit DB
added 2008/12/14 12:0 a.m., 31 views

PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting

Lfi/xss script: phpweather-2.2.2 download from:http://downloads.sourceforge.net/phpweather/phpweather-2.2.2.zip?modtime=1087430400&bigmirror=0 vul: /test.php line 48: requirePHPWEATHERBASEDIR . "/output/pwtext$language.php"; xpl: www.site.com/path/test.php?metar=&language=Lfi%00...

AI score 7.4
Exploits 0

UbuntuCve
added 2007/06/12 11:30 p.m., 29 views

CVE-2007-3191

Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...

CVSS 9.4 | AI score 5.9 | EPSS 0.08383
Exploits 1 | References 1

Prion
added 2007/06/12 11:30 p.m., 17 views

Information disclosure

Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...

CVSS 9.4 | AI score 6.5 | EPSS 0.08383
Exploits 1 | References 7 | Affected Software 1

Cvelist
added 2006/09/01 11:0 p.m., 24 views

CVE-2006-4528

Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php...

AI score 5.8 | EPSS 0.01313
Exploits 0 | References 7

0day.today
added 2006/07/01 12:0 a.m., 23 views

SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications. SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities. smartsite cms v1.0 Multiple...

AI score 7.1
Exploits 0

seebug.org
added 2006/07/01 12:0 a.m., 13 views

SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities

No description provided by source. smartsite cms v1.0 Multiple Remote File include. Discovered By CrAshoVeRrIdE Arabian Security Team. site of script: www.smartsitecms.net...

AI score 7.1
Exploits 0

UbuntuCve
added 2006/06/15 10:2 a.m., 14 views

CVE-2006-2195

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php...

CVSS 6.8 | AI score 6.1 | EPSS 0.02197
Exploits 1 | References 1

Tenable Nessus
added 2005/09/21 12:0 a.m., 38 views

PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'register_globals' setting is...

AI score 5.7
Exploits 0 | References 1

NVD
added 2005/09/20 10:3 p.m., 11 views

CVE-2005-2999

PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php...

CVSS 5 | AI score 6.3 | EPSS 0.01181
Exploits 0 | References 2

CVE
added 2005/09/20 4:0 a.m., 41 views

CVE-2005-2999

Technical details about CVE-2005-2999 are not publicly provided in the supplied documents. Monitor for updates from official advisories for affected products, impact, and remediation.

CVSS 5 | AI score 6.7 | EPSS 0.01181
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2005/09/20 12:0 a.m., 17 views

PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

Binary data 3234.prm...

AI score 7.3
Exploits 0 | References 1

securityvulns
added 2003/03/22 12:0 a.m., 26 views

AzDGGuestbook

Product: AzDGGuestbook; Version: 1.0.0; WebSite: http://www.azdg.com; Problem: phpinfo; Description: test.php: <?php phpinfo(); ?>; Exploit: http://somehost/book/test.php...

AI score 0.2
Exploits 0