Lucene search
K

660 matches found

Atlassian
Atlassian
added 2006/08/22 7:36 a.m.16 views

publically available usernames are a security risk

The login username of users is revealed all over the place in URLs that link to user profile, or user's list of assigned open bugs etc. This seems to be a big security risk, because you have given away half of the user identification to strangers. Anybody can look up a user in the issue tracker a...

0.7AI score
Exploits0
Cvelist
Cvelist
added 2006/08/02 4:0 p.m.18 views

CVE-2006-3971

Cross-site scripting XSS vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter...

5.8AI score0.01555EPSS
Exploits1References6
NVD
NVD
added 2006/06/27 10:5 a.m.12 views

CVE-2006-3239

SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter...

7.5CVSS8.4AI score0.01275EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/06/27 10:0 a.m.16 views

CVE-2006-3239

SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter...

8.4AI score0.01275EPSS
Exploits1References4
exploitpack
exploitpack
added 2006/06/27 12:0 a.m.24 views

Scout Portal Toolkit 1.4.0 - forumid SQL Injection

Scout Portal Toolkit 1.4.0 - forumid SQL Injection !/usr/bin/perl =============================================================== Scout Portal Toolkit 1.4.0 Remote SQL injection Exploit Coded By Simo64 Moroccan Security Research Team Specials thx to :Greetz : CiM-Team - CrAsHoVeRrIdE - dabdoub -...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2006/06/24 10:0 a.m.19 views

CVE-2006-3218

SQL injection vulnerability in profile.php in Woltlab Burning Board WBB 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter...

8.4AI score0.01179EPSS
Exploits0References3
Prion
Prion
added 2006/05/19 11:2 p.m.16 views

Sql injection

SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...

6.4CVSS9.1AI score0.01156EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2006/05/19 11:2 p.m.17 views

CVE-2006-2486

SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...

6.4CVSS8.4AI score0.01156EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/05/19 11:0 p.m.21 views

CVE-2006-2486

SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...

8.4AI score0.01156EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/04/27 10:0 a.m.17 views

CVE-2006-2067

SQL injection vulnerability in vbboardfunctions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter...

8.4AI score0.01136EPSS
Exploits1References5
NVD
NVD
added 2006/04/20 6:6 p.m.10 views

CVE-2006-1917

SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...

7.5CVSS8.4AI score0.01419EPSS
Exploits1References6
Prion
Prion
added 2006/04/20 6:6 p.m.14 views

Sql injection

SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...

7.5CVSS9.1AI score0.01419EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2006/04/20 6:0 p.m.13 views

CVE-2006-1917

SQL injection vulnerability in member.php in Blackorpheus ClanMemberSkript 1.0 allows remote attackers to execute arbitrary SQL commands via the userID parameter...

8.4AI score0.01419EPSS
Exploits1References6
NVD
NVD
added 2006/04/07 10:4 a.m.14 views

CVE-2006-1661

Multiple cross-site scripting XSS vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 areaID parameter in area.View.action, 2 time parameter in planning.View.action, and 3 userID parameter in user.View.action...

6.8CVSS5.8AI score0.02432EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2006/03/26 12:0 a.m.32 views

WebGUI < 6.7.6 arbitrary command execution

The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the OpenVAS...

7.5CVSS0.3AI score0.09117EPSS
Exploits1References2
securityvulns
securityvulns
added 2006/03/22 12:0 a.m.32 views

Mini-Nuke&lt;=1.8.2 SQL injection &#40;6&#41;

//mini-nuke board turk have many sql injection founded by Moroccan Security Team //Creetz to: Moroccan Security Team Dr.E-vil,Dr.Erase,H0550N,|ucifer,DaBDouB-MoSiKaR OverclockiX,ki11er ,Dranzelz,Esp!onLeRaVaGe,ameer,www.lezr.com and all muslim morocco 1...

Exploits0
Prion
Prion
added 2006/03/10 2:2 a.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...

4.3CVSS5.9AI score0.02121EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2006/03/10 2:2 a.m.20 views

CVE-2006-1133

Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...

4.3CVSS5.6AI score0.01977EPSS
Exploits0References7
Cvelist
Cvelist
added 2006/03/10 2:0 a.m.24 views

CVE-2006-1133

Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...

5.6AI score0.01977EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2006/02/28 12:0 a.m.33 views

phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution

The remote host has installed on it the phpRPC library, an xmlrpc library written in PHP and bundled with applications such as RunCMS and exoops. The version of phpRPC on the remote host fails to sanitize user input to the 'server.php' script before using it in an 'eval' function, which may allow...

7.5CVSS5.9AI score0.03484EPSS
Exploits6References3
Rows per page
Query Builder