Lucene search
K

3518 matches found

exploitpack
exploitpack
added 2004/01/20 12:0 a.m.32 views

DUware Software - Multiple Vulnerabilities

DUware Software - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9462/info It has been reported that various DUware products may be prone to an access validation issue allowing a remote attacker to gain access to sensitive resources by bypassing authentication. An arbitrary fi...

Exploits0
Exploit DB
Exploit DB
added 2004/01/20 12:0 a.m.19 views

DUware Software - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/9462/info It has been reported that various DUware products may be prone to an access validation issue allowing a remote attacker to gain access to sensitive resources by bypassing authentication. An arbitrary file upload vulnerability has been specified ...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2003/12/11 5:0 a.m.17 views

CVE-2003-0979

FreeScripts VisitorBook LE visitorbook.pl does not properly escape line breaks in input, which allows remote attackers to 1 use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or 2 cause the guestbook database to be deleted via a large number of line...

6.6AI score0.01041EPSS
Exploits0References2
exploitpack
exploitpack
added 2003/11/17 12:0 a.m.21 views

Koch Roland Rolis Guestbook 1.0 - $path Remote File Inclusion

Koch Roland Rolis Guestbook 1.0 - $path Remote File Inclusion source: https://www.securityfocus.com/bid/9054/info It has been reported that Rolis Guestbook may be vulnerable to an input validation issue that may allow an attacker to include malicious files containing arbitrary code to be executed...

7.5AI score
Exploits0
exploitpack
exploitpack
added 2003/10/18 12:0 a.m.11 views

GoldLink 3.0 - Cookie SQL Injection

GoldLink 3.0 - Cookie SQL Injection source: https://www.securityfocus.com/bid/8847/info GoldLink is prone to SQL injection attacks. This is due to insufficient validation of values supplied via cookies. As a result, it may be possible to manipulate SQL queries, potentially resulting in informatio...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2003/09/29 12:0 a.m.32 views

GuppY 2.4 - HTML Injection

source: https://www.securityfocus.com/bid/8717/info It has been reported that one of the scripts included with GuppY is vulnerable to an HTML injection attack. The script, "postguest.php", does not perform input validation to prevent the inclusion of HTML/script content in messages posted to the...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/09/01 12:0 a.m.26 views

[Full-Disclosure] XSS in ezboard

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Issue : Cross site scripting in ezboard Vendor status : developers were contacted ezboard offers a free forum hosted at ... bla ... bla ... improper input validation .. bla ... bla ... script or HTML execution ... bla ... bla sorry but I don't have ti...

6.8AI score
Exploits0
CVE
CVE
added 2003/06/05 4:0 a.m.73 views

CVE-2003-0370

CVE-2003-0370 affects Konqueror Embedded and KDE 2.2.2 and earlier, where the Common Name (CN) in X.509 certificates is not validated, enabling possible MITM certificate spoofing in TLS/SSL traffic. Public disclosures reference CAN-2003-0370 and describe the remote exploitation potential through ...

7.5CVSS6.3AI score0.02062EPSS
Exploits0References8Affected Software2
NVD
NVD
added 2003/05/27 4:0 a.m.18 views

CVE-2003-0255

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path...

10CVSS6.6AI score0.06558EPSS
Exploits0References16
exploitpack
exploitpack
added 2003/05/12 12:0 a.m.9 views

PHP-Nuke 5.x6.x Web_Links Module - SQL Injection

PHP-Nuke 5.x6.x WebLinks Module - SQL Injection source: https://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access ...

8.6AI score
Exploits0
Cvelist
Cvelist
added 2003/05/07 4:0 a.m.24 views

CVE-2003-0255

The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path...

6.6AI score0.06558EPSS
Exploits0References16
Exploit DB
Exploit DB
added 2003/04/20 12:0 a.m.30 views

Working Resources 1.7.x/2.15 BadBlue - 'ext.dll' Command Execution

source: https://www.securityfocus.com/bid/7387/info BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access. This is due to an input validation issue in the 'ext.dll' component that could allow a remote attacker to cause '.hts' files to be interpreted by...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2003/03/22 12:0 a.m.22 views

PHP-Nuke 5.6/6.x - 'banners.php' Banner Manager Password Disclosure

source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/12/23 12:0 a.m.31 views

PHP-Nuke 6.0 - 'modules.php' Denial of Service

source: https://www.securityfocus.com/bid/6465/info A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate some URI parameters. An attacker can exploit this vulnerability b...

7.4AI score
Exploits0
CERT
CERT
added 2002/09/27 12:0 a.m.27 views

WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution

Overview WebBoard does not adequately validate user input, allowing attackers to execute arbitrary JavaScript code on other WebBoard users' systems. Description WebBoard is a web application which includes a real-time chat server, using JavaScript alerts to display messages received by other user...

5CVSS7.1AI score0.0521EPSS
Exploits1References1
CERT
CERT
added 2002/09/26 12:0 a.m.31 views

WebCalendar does not adequately validate user input

Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...

7.5CVSS7.5AI score0.04043EPSS
Exploits0References1
CERT
CERT
added 2002/09/24 12:0 a.m.24 views

AdCycle does not adequately validate user input thereby allowing for SQL injection

Overview AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...

5CVSS6.8AI score0.0152EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2002/09/17 12:0 a.m.24 views

DB4Web 3.4/3.6 - File Disclosure

source: https://www.securityfocus.com/bid/5723/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. A directory traversal bug exists i...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/12 12:0 a.m.33 views

MakeBook 2.2 - Form Field Input Validation

source: https://www.securityfocus.com/bid/4996/info The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be stored on guestbook pages. Additionally, it...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2002/04/03 12:0 a.m.35 views

NetBSD 1.x - TalkD User Validation

NetBSD 1.x - TalkD User Validation source: https://www.securityfocus.com/bid/4419/info talkd is a client-server application shipped with many Unix and Linux variants that is used for communication between users locally or remotely. talkd does not perform adequate validation of users making talk...

7.4AI score
Exploits0
Rows per page
Query Builder