CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7575 matches found

OpenVAS•added 2008/09/24 12:0 a.m.•10 views

Debian: Security Advisory (DSA-1639-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.7AI score0.0828EPSS

Exploits6References3

Exploit DB•added 2008/09/22 12:0 a.m.•37 views

Sagem F@ST Routers - DHCP Hostname Cross-Site Request Forgery

!/usr/bin/env python OOO OOO OO OOO O O O O O O O O O O O O OO OO OOOOO OOOOO OOO OO OOOOOO O O OO OO OOOOO O O OO O O O O O OO O O O O O OO O O O O O O O O O OOOOOOO O O O O O O OOOOOOO O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O OOO OOO OOO OOOOOO OOOOO OOOOO OOOOOO OOO OOO OO...

7.4AI score

Exploits0

Packet Storm•added 2008/09/19 12:0 a.m.•19 views

looyu-xss.txt

Application: LooYu Web IM Vendor: www.looyu.com Corporation: DuoYou, Inc. Version: Latest: 19 SEP 2008 - Home Edition, Enterprise & Professional Description: LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities Background: ============== LooYu is a web-based group chat tool that lets invite a...

7.4AI score

Exploits0

seebug.org•added 2008/09/10 12:0 a.m.•31 views

vtiger CRM多个跨站脚本漏洞

BUGTRAQ ID: 30951 CVECAN ID: CVE-2008-3101 vtiger CRM是基于web的开源客户关系管理系统。 vtiger CRM实现上存在漏洞，远程攻击者可以通过向vtiger CRM的多个模块提交恶意的认证或查询请求执行跨站脚本攻击。 1 当module设置为Users且action设置为Authenticate的时候，index.php文件没有正确的验证对userpassword参数的输入便返回给了用户，可能导致在用户浏览器会话中执行任意HTML和脚本代码。 2...

4.3CVSS0.2AI score0.03768EPSS

Exploits3

Packet Storm•added 2008/09/04 12:0 a.m.•42 views

xrms-sqlxss.txt

Multiple Cross Site Scripting XSS and SQL injection Vulnerabilities in XRMS, CVE-2008-3664 References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3664 http://xrms.sourceforge.net Description XRMS is a web-based application for managing...

4.3CVSS6.5AI score0.01489EPSS

Exploits1

Prion•added 2008/08/25 9:41 p.m.•17 views

Directory traversal

Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

5CVSS7.2AI score0.02685EPSS

Exploits1References4Affected Software1

NVD•added 2008/08/25 9:41 p.m.•17 views

CVE-2008-3776

Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

5CVSS6.6AI score0.02685EPSS

Exploits1References4

CVE•added 2008/08/25 9:0 p.m.•40 views

CVE-2008-3776

CVE-2008-3776 describes a directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2. The issue allows an attacker to read arbitrary files by supplying a .. (dot dot) sequence in the URI, enabling partial confidentiality impact. The provided documents specify the affected product and...

5CVSS6.7AI score0.02685EPSS

Exploits1References4Affected Software1

Cvelist•added 2008/08/25 9:0 p.m.•22 views

CVE-2008-3776

Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

6.6AI score0.02685EPSS

Exploits1References4

seebug.org•added 2008/08/23 12:0 a.m.•12 views

Fujitsu Web-Based Admin View目录遍历漏洞

BUGTRAQ ID: 30780 CNCAN ID：CNCAN-2008082204 Fujitsu Web-Based Admin View不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限查看系统文件内容。提交包含多个"../"字符作为GET请求数据，可导致绕过WEB ROOT限制，以WEB权限查看系统文件内容。 Fujitsu Web-Based Admin View 2.1.2 目前没有解决方案提供： http://www.fujitsu.com/ GET /.././.././.././.././.././.././.././.././.././etc/passw...

6.9AI score

Exploits0

Packet Storm•added 2008/08/22 12:0 a.m.•22 views

fujitsu-traverse.txt

Fujitsu Web-Based Admin View Directory Traversal Vulnerability Version: 2.1.2 on Solaris, Other versions may vulnerable Vulnerability: Directory Traversal Risk: Critical Description: Due to insufficient control of user inputs, Fujitsu Web-based admin view reveals content of files residing in...

7.4AI score

Exploits0

Prion•added 2008/08/20 4:41 p.m.•16 views

Directory traversal

Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. dot dot in the URI...

5CVSS7.1AI score0.02848EPSS

Exploits1References7Affected Software1

Prion•added 2008/08/20 4:41 p.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI...

4.3CVSS6.1AI score0.01272EPSS

Exploits1References6Affected Software1

Prion•added 2008/08/20 4:41 p.m.•11 views

Improper access control

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/...

5CVSS6.9AI score0.01568EPSS

Exploits1References6Affected Software1

NVD•added 2008/08/20 4:41 p.m.•14 views

CVE-2008-3728

5CVSS6.3AI score0.01568EPSS

Exploits1References6

NVD•added 2008/08/20 4:41 p.m.•15 views

CVE-2008-3729

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with 1 an IsAdmin=true cookie value or 2 no cookie...

7.5CVSS6.9AI score0.01707EPSS

Exploits1References5

NVD•added 2008/08/20 4:41 p.m.•16 views

CVE-2008-3726

Cross-site scripting XSS vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI...

4.3CVSS5.7AI score0.01272EPSS

Exploits1References6

CVE•added 2008/08/20 4:0 p.m.•40 views

CVE-2008-3729

CVE-2008-3729 affects MicroWorld Technologies MailScan Web-Based Administration (MailScan 5.6.a espatch 1). The issue allows remote attackers to bypass authentication and obtain administrative access by sending a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. This is a coo...

7.5CVSS6.9AI score0.01707EPSS

Exploits1References5Affected Software1

CVE•added 2008/08/20 4:0 p.m.•34 views

CVE-2008-3728

CVE-2008-3728 affects MicroWorld Technologies MailScan 5.6.a espatch 1. Web-based administration stores sensitive information under the web root with insufficient access control, enabling remote attackers to discover installation path, IP addresses, and error messages by requesting files under LO...

5CVSS6.3AI score0.01568EPSS

Exploits1References6Affected Software1

Cvelist•added 2008/08/20 4:0 p.m.•22 views

CVE-2008-3726

Cross-site scripting XSS vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI...

5.7AI score0.01272EPSS

Exploits1References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by