CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8202 matches found

OSV•added 2006/02/21 2:2 a.m.•7 views

CVE-2006-0806

Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...

5.5AI score

Exploits0References18

OSV•added 2006/02/21 2:2 a.m.•1 views

DEBIAN-CVE-2006-0806

4.3CVSS6.1AI score0.05871EPSS

Exploits2References1

securityvulns•added 2006/02/16 12:0 a.m.•32 views

CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityPre-AdvisoryPhishingVectorinSAPBC.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Phishing Vector in SAP BC Business Connector Vulnerability Class: Phishing Vector / Improper Input...

6.7AI score

Exploits0

exploitpack•added 2006/02/11 12:0 a.m.•21 views

ImageVue 0.16.1 - upload.php Unrestricted Arbitrary File Upload

ImageVue 0.16.1 - upload.php Unrestricted Arbitrary File Upload source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content...

0.8AI score

Exploits0

Prion•added 2006/01/04 12:3 a.m.•17 views

Buffer overflow

Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector...

7.5CVSS8.3AI score0.04778EPSS

Exploits1References3Affected Software1

CERT•added 2005/12/28 12:0 a.m.•40 views

Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability

Overview Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating...

7.5CVSS6.8AI score0.86476EPSS

Exploits14References26

NVD•added 2005/12/13 11:3 a.m.•19 views

CVE-2005-4189

Multiple cross-site scripting XSS vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via 1 the Calendar name field when creating calendars, 2 event title field when deleting events, the 3 Category and 4 Location search fields...

3.5CVSS5.4AI score0.01432EPSS

Exploits0References12

exploitpack•added 2005/11/16 12:0 a.m.•12 views

Opera Web Browser 8.08.5 - HTML Form Status Bar Misrepresentation

Opera Web Browser 8.08.5 - HTML Form Status Bar Misrepresentation source: https://www.securityfocus.com/bid/15472/info A vulnerability has been identified in Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be mislead into...

7.2AI score

Exploits0

securityvulns•added 2005/11/09 12:0 a.m.•36 views

[Full-disclosure] CYBSEC - Security Advisory: Phishing Vector in SAP WAS

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryPhishingVectorinSAPWAS.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Phishing Vector in SAP WAS Web Application Server Vulnerability Class: Phishing Vector / Improper Input...

7AI score

Exploits0

Gentoo Linux•added 2005/10/06 12:0 a.m.•20 views

Dia: Arbitrary code execution through SVG import

Background Dia is a gtk+ based diagram creation program released under the GPL license. Description Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact An attacker could create a specially crafted SVG file, which, when imported...

5.1CVSS6.5AI score0.02614EPSS

Exploits1

Exploit DB•added 2005/07/09 12:0 a.m.•29 views

SoftiaCom wMailServer 1.0 - Local Information Disclosure

// source: https://www.securityfocus.com/bid/14212/info SoftiaCom WMailserver is prone to a local information disclosure vulnerability. The application stores passwords in the windows registry. A local attacker may exploit this issue to disclose potentially sensitive information. / Vulnerability:...

7.4AI score

Exploits0

exploitpack•added 2005/06/16 12:0 a.m.•12 views

ATutor 1.4.3 - search.php Multiple Cross-Site Scripting Vulnerabilities

ATutor 1.4.3 - search.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...

7AI score

Exploits0

Exploit DB•added 2005/05/26 12:0 a.m.•23 views

BookReview 1.0 - 'add_booklist.htm?node' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...

7AI score

Exploits0

Exploit DB•added 2005/05/20 12:0 a.m.•25 views

phpMyAdmin 2.x - 'server_databases.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...

7.4AI score

Exploits0

Tenable Nessus•added 2005/05/18 12:0 a.m.•13 views

Serendipity < 0.80 RC7 Multiple Vulnerabilities

Binary data 2920.prm...

7.5CVSS7.3AI score0.01317EPSS

Exploits0References3

Positive Technologies•added 2005/05/05 12:0 a.m.•4 views

PT-2005-1945 · Adobe · Svg Viewer

Name of the Vulnerable Software and Affected Versions: Adobe SVG Viewer versions 3.02 and earlier Description: The issue allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page...

5CVSS6.7AI score0.02362EPSS

Exploits1References6

securityvulns•added 2005/03/31 12:0 a.m.•26 views

Multiple XSS issues in Sun AnswerBook2

PTT SECURITY ADVISORY DATE: 08-02-2005 AUTHOR: THOMAS LIAM ROMANIS CURRENT EMPLOYER: Echelon Ltd VENDOR: Sun PRODUCT: Sun AnswerBook2 VERSIONS TESTED: 1.4.4 on Solaris 8.0 Sparc TITLE: Multiple issues in Sun Answerbook2 Full Disclosure. Summary. A number of issues have been identified in Sun...

4.3CVSS0.2AI score0.0172EPSS

Exploits4

Packet Storm•added 2005/03/29 12:0 a.m.•37 views

answerbook2.txt

4.3CVSS6.5AI score0.0172EPSS

Exploits4

0day.today•added 2005/03/28 12:0 a.m.•38 views

Smail 3.2.0.120 Remote Root Heap Overflow Exploit

Exploit for linux platform in category remote exploits ================================================= Smail 3.2.0.120 Remote Root Heap Overflow Exploit ================================================= / 0 smail preparseaddress1 heap bof remote root exploit infamous42md AT hotpop DOT com Shout...

7.1AI score

Exploits0

Packet Storm•added 2005/03/24 12:0 a.m.•29 views

kayakoXSS2.txt

GulfTech Security Research March 22, 2005 Vendor : Kayako Web Solutions URL : http://www.kayako.com/ Version : Kayako eSupport v2.3 Risk : Cross Site Scripting Description: Kayako eSupport is a popular helpdesk, and support software. It is used by many businesses for customer support purposes...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by