Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2008-0395

Malware in sbrugna...

7.5CVSS6.3AI score0.00489EPSS
Exploits1References6
seebug.org
seebug.orgadded 2008/03/02 12:0 a.m.22 views

Urulu connectionId参数SQL盲注漏洞

BUGTRAQ ID: 28032 CVECAN ID: CVE-2008-0385 Urulu是用PHP、JavaScript和XSL编写的内容管理系统。 Urulu处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞获取敏感信息。 如果向以下URI提交了带有畸形connectionId参数的POST请求的话: /index.php/statprt/js/request /index.php/dyn/js/request 就可能执行SQL注入攻击,导致泄露帐号口令等敏感信息;如果Urulu数据库用户拥有FILE权限的话,还可能通过MySQL的INTO...

7.5CVSS6.4AI score0.00489EPSS
Exploits1
Prion
Prionadded 2008/02/29 7:44 p.m.11 views

Sql injection

SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with 1 statprt/js/request or 2 dyn/js/request in the PATHINFO...

7.5CVSS9AI score0.00489EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2008/02/29 7:44 p.m.15 views

CVE-2008-0385

SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with 1 statprt/js/request or 2 dyn/js/request in the PATHINFO...

7.5CVSS8.3AI score0.00489EPSS
Exploits1References5
CVE
CVEadded 2008/02/29 7:0 p.m.41 views

CVE-2008-0385

Urulu 2.1 contains a SQL injection in the connectionId parameter of index.php via PATH_INFO (statprt/js/request or dyn/js/request). The vulnerability allows remote attackers to extract data from the database, with potential for arbitrary code execution if the database user has FILE privileges (e....

7.5CVSS8.2AI score0.00489EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2008/02/29 7:0 p.m.13 views

CVE-2008-0385

SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with 1 statprt/js/request or 2 dyn/js/request in the PATHINFO...

8.3AI score0.00489EPSS
Exploits1References5
securityvulns
securityvulnsadded 2008/02/29 12:0 a.m.79 views

Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....

7.5CVSS0.4AI score0.00489EPSS
Exploits1
securityvulns
securityvulnsadded 2008/02/29 12:0 a.m.47 views

Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)

COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Urulu Vendor: USystems Subject: Blind SQL Injection Vulnerability Risk: High Author: Daniel Roethlisberger Date: 2008-02-25 CVE Name: CVE-2008-0385 Introduction ------------ An AJAX based Blind SQL Injection vulnerability exists in the Web 2....

7.5CVSS0.4AI score0.00489EPSS
Exploits1
Rows per page
Query Builder