CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2009-3195

Malware in sbrugna...

6.8CVSS6.4AI score0.00298EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2009-3194

Malware in sbrugna...

6.8CVSS6.4AI score0.00908EPSS

Exploits1References3

0day.today•added 2010/10/26 12:0 a.m.•30 views

Forced Matrix Script Remote Upload Vulnerability

Exploit for php platform in category web applications ================================================ Forced Matrix Script Remote Upload Vulnerability ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\...

7.1AI score

Exploits0

NVD•added 2009/11/16 8:30 p.m.•7 views

CVE-2009-3949

cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not require administrative authentication for the donewauthor action, which allows remote attackers to create administrative accounts via the name, password, and confpassword parameters...

7.5CVSS7AI score0.0239EPSS

Exploits0References2

CVE•added 2009/11/16 8:0 p.m.•40 views

CVE-2009-3949

CVE-2009-3949 affects VivaPrograms Infinity 2.0.5 and earlier (cp/profile.php). The root cause is missing administrative authentication for the donewauthor action, allowing remote attackers to create administrative accounts via the name, password, and conf_password parameters. Exploitation is net...

7.5CVSS7AI score0.0239EPSS

Exploits0References2Affected Software1

Cvelist•added 2009/11/16 8:0 p.m.•12 views

CVE-2009-3949

7AI score0.0239EPSS

Exploits0References2

Prion•added 2009/09/16 5:30 p.m.•9 views

Directory traversal

Directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x, when magicquotesgpc is disabled, allows remote attackers to read arbitrary files via a .. dot dot in the optionsstyledir parameter to the default URI...

6.8CVSS7.2AI score0.00908EPSS

Exploits1References2Affected Software1

Prion•added 2009/09/16 5:30 p.m.•10 views

Sql injection

SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field...

6.8CVSS9.1AI score0.00298EPSS

Exploits1References2Affected Software1

NVD•added 2009/09/16 5:30 p.m.•9 views

CVE-2009-3212

SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field...

6.8CVSS8.3AI score0.00298EPSS

Exploits1References2

CVE•added 2009/09/16 5:0 p.m.•34 views

CVE-2009-3212

The CVE-2009-3212 entry describes an SQL injection in VivaPrograms Infinity Script 2.x.x when magic_quotes_gpc is disabled. The underlying issue is improper sanitization/escaping of the username field, enabling remote attackers to craft inputs that alter SQL queries. Impact is described as arbitr...

6.8CVSS8.4AI score0.00298EPSS

Exploits1References2Affected Software1

Cvelist•added 2009/09/16 5:0 p.m.•17 views

CVE-2009-3211

6.7AI score0.00908EPSS

Exploits1References2

CVE•added 2009/09/16 5:0 p.m.•46 views

CVE-2009-3211

CVE-2009-3211 describes a directory traversal vulnerability in VivaPrograms Infinity Script 2.x.x. When magic_quotes_gpc is disabled, remote attackers can read arbitrary files by injecting a .. into the options[style_dir] parameter of the default URI. The NVD entry lists a base score of 6.8 (Medi...

6.8CVSS6.7AI score0.00908EPSS

Exploits1References2Affected Software1

Cvelist•added 2009/09/16 5:0 p.m.•17 views

CVE-2009-3212

SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field...

8.3AI score0.00298EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by