Lucene search
+L

143 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

pMachine 1.0/2.x Search Module Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7981/info Reportedly, pMachine is vulnerable to a cross-site scripting attack. The vulnerability is present in the search module. The issue presents itself likely due to insufficient sanitization performed on user-supplie...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

osCommerce 2.2 products_id URI Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9275/info It has been reported that one of the scripts included with osCommerce fails to validate user-supplied input, rendering it vulnerable to a SQL injection attack. It has been reported that an attacker may supply...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

PHP 4/5 Input/Output Wrapper Remote Include Function Command Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10427/info PHP is reportedly affected by an arbitrary command-execution weakness through the PHP 'include' function. This issue is due to a design error that allows the execution of attacker-supplied POST PHP commands whe...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Siteman 1.1 User Database Privilege Escalation Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Siteman 1.1 User Database Privilege Escalation Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2012/07/17 6:51 p.m.5 views

Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)

The Content Security Policy CSP functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violatio...

4.3CVSS7.4AI score0.01606EPSS
Exploits0References4
NVD
NVD
added 2012/01/13 6:55 p.m.30 views

CVE-2012-0030

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...

4.9CVSS6.2AI score0.01758EPSS
Exploits0References6
NVD
NVD
added 2011/06/09 7:55 p.m.24 views

CVE-2011-1699

Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url...

9.3CVSS7.9AI score0.04883EPSS
Exploits0References7
NVD
NVD
added 2011/04/27 12:55 a.m.17 views

CVE-2010-4798

Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the uri parameter...

6.8CVSS7.2AI score0.02331EPSS
Exploits1References3
NVD
NVD
added 2010/09/17 8:0 p.m.16 views

CVE-2010-3455

Cross-site scripting XSS vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter...

4.3CVSS5.7AI score0.01075EPSS
Exploits1References4
Cvelist
Cvelist
added 2010/09/17 7:0 p.m.23 views

CVE-2010-3455

Cross-site scripting XSS vulnerability in index.php in AChecker 1.0 allows remote attackers to inject arbitrary web script or HTML via the uri parameter...

5.7AI score0.01075EPSS
Exploits1References4
seebug.org
seebug.org
added 2009/12/10 12:0 a.m.13 views

phpldapadmin Local File Inclusion

No description provided by source. PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin is web based LDAP client which provides easy, anywhere-accessible, multi-language administration for LDAP server."...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/12/10 12:0 a.m.36 views

phpLDAPadmin - Local File Inclusion

PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin is web based LDAP client which provides easy, anywhere-accessible, multi-language administration for LDAP server." http://phpldapadmin.sourceforge.net vulnerable...

7.4AI score
Exploits0
0day.today
0day.today
added 2009/12/10 12:0 a.m.25 views

phpldapadmin Local File Inclusion

Exploit for unknown platform in category web applications ================================= phpldapadmin Local File Inclusion ================================= PHPLDAPADMIN LOCAL FILE INCLUSION author : ipsecs website : http://ipsecs.com Date : December, 10th, 2009 -i- Description "Phpldapadmin i...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/11/03 12:0 a.m.29 views

e-Courier CMS Tracking xss

Exploit for unknown platform in category web applications ========================== e-Courier CMS Tracking xss ========================== Vendor: e-Courier http://www.ecouriersoftware.com/ Product: CMS Tracking Site Issue: Cross-Site Scripting. Description: Nearly all pages include the URI...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/09/04 12:0 a.m.34 views

MediaWiki 'IP'参数远程文件包含漏洞

BUGTRAQ: 9057 MediaWiki没有充分过滤用户提交的URI参数,远程攻击者可以利用这个漏洞包含远程服务器上的恶意文件,以WEB权限执行任意代码。 问题应该是对MediaWiki的'IP'参数缺少充分过滤,包含文件可被攻击者任意指令,如果指定远程服务器的恶意PHP文件,可导致以WEB进程权限执行。 MediaWiki-stable 20030829/20031107 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: 修改php.ini配置文件,关闭'allowurlfopen'和'registerglobals'选项。 厂商补丁:...

7.1AI score
Exploits0
Prion
Prion
added 2008/01/31 8:0 p.m.20 views

Directory traversal

Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. dot dot in the uri parameter to dispatcher.php in 1 examples/dispatcher/framework/, 2 examples/dispatcher/, 3 examples/wizard/, and 4 PHP/, different vectors than...

5CVSS7AI score0.02906EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2007/11/30 1:46 a.m.12 views

Directory traversal

Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter to 1 languagesn.php, 2 languagesf.php, or 3 languages.php in inc/; and 4 allow remote attackers to read arbitrary...

7.5CVSS7.7AI score0.0398EPSS
Exploits0References10Affected Software1
seebug.org
seebug.org
added 2006/12/10 12:0 a.m.35 views

NucleusCMS/Blog:CMS/PunBB未明远程文件包含漏洞

CMS/Blog:CMS/PunBB是基于WEB的BLOG系统和论坛系统。CMS/Blog:CMS/PunBB对用户提交的URI参数缺少充分过滤,远程攻击者可以利用这个漏洞以WEB进程权限在系统上执行任意命令。目前没有详细漏洞细节提供 PunBB PunBB 1.0-1.1.4/Nucleus CMS 3.0-3.0 RC/BLOG:CMS 3.0-3.1.3 厂商补丁:BLOG:CMS--------目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:BLOG:CMS Upgrade BLOG:CMS...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2005/08/27 12:0 a.m.19 views

Looking Glass 20040427 - Remote Command Execution

Looking Glass 20040427 - Remote Command Execution source: https://www.securityfocus.com/bid/14682/info Looking Glass may be exploited to execute arbitrary commands. An attacker can prefix arbitrary commands with the '|' character, supply them through a URI parameter and have them executed in the...

0.5AI score
Exploits0
Rows per page
Query Builder