Lucene search
K

1226 matches found

Prion
Prion
added 2007/03/02 9:18 p.m.19 views

Design/Logic Flaw

The 1 Search, 2 Edit Profile, 3 Recommend, and 4 User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...

5CVSS7.2AI score0.01076EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2007/03/02 9:18 p.m.24 views

CVE-2007-1188

WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for 1 composition or 2 length, which has unknown impact, possibly related to "search form hijacking"...

7.5CVSS6.8AI score0.01402EPSS
Exploits0References5
Prion
Prion
added 2007/03/02 9:18 p.m.12 views

Design/Logic Flaw

WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors...

7.5CVSS6.7AI score0.01402EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2007/03/02 9:18 p.m.16 views

CVE-2007-1180

WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery CSRF attacks or have other unknown impact...

4.3CVSS6.9AI score0.00927EPSS
Exploits0References5
NVD
NVD
added 2007/03/02 9:18 p.m.14 views

CVE-2007-1177

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...

5.8CVSS6.2AI score0.01107EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.4 views

CVE-2007-1188

WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for 1 composition or 2 length, which has unknown impact, possibly related to "search form hijacking"...

7.5CVSS5.7AI score0.01402EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.1 views

CVE-2007-1175

Cross-site scripting XSS vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01033EPSS
Exploits0References5
Prion
Prion
added 2007/03/02 9:18 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information...

4.3CVSS6.1AI score0.01659EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2007/03/02 9:18 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01033EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2007/03/02 9:18 p.m.17 views

Design/Logic Flaw

WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for 1 composition or 2 length, which has unknown impact, possibly related to "search form hijacking"...

7.5CVSS7.3AI score0.01402EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.2 views

CVE-2007-1182

WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact...

6.4CVSS5.5AI score0.01047EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.4 views

CVE-2007-1185

The 1 Search, 2 Edit Profile, 3 Recommend, and 4 User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...

5CVSS5.5AI score0.01076EPSS
Exploits0References6
Prion
Prion
added 2007/03/02 9:18 p.m.13 views

Cross site scripting

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to 1 the query string, 2 Profiles, 3 the Forum Post icon field, 4 the Edit Profile, and 5 the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting XSS...

5.8CVSS6.6AI score0.01107EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2007/03/02 9:18 p.m.16 views

CVE-2007-1184

The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data...

5CVSS6.5AI score0.01047EPSS
Exploits0References5
Prion
Prion
added 2007/03/02 9:18 p.m.12 views

Cross site request forgery (csrf)

WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery CSRF attacks or have other unknown impact...

4.3CVSS7.3AI score0.00927EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/03/02 9:18 p.m.4 views

CVE-2007-1174

Multiple cross-site scripting XSS vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information...

4.3CVSS5.5AI score0.01659EPSS
Exploits0References6
NVD
NVD
added 2007/03/02 9:18 p.m.16 views

CVE-2007-1186

WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact...

5CVSS6.6AI score0.01076EPSS
Exploits0References5
NVD
NVD
added 2007/03/02 9:18 p.m.15 views

CVE-2007-1187

WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via 1 the Forum Archive feature and 2 Recent Searches...

5.5CVSS5.8AI score0.01143EPSS
Exploits0References6
NVD
NVD
added 2007/03/02 9:18 p.m.19 views

CVE-2007-1181

WebAPP before 0.9.9.5 passes 1 Unused Informations and 2 the username through Edit Profile forms, which has unknown impact and attack vectors...

5CVSS6.6AI score0.01076EPSS
Exploits0References5
NVD
NVD
added 2007/03/02 9:18 p.m.19 views

CVE-2007-1185

The 1 Search, 2 Edit Profile, 3 Recommend, and 4 User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...

5CVSS6.7AI score0.01076EPSS
Exploits0References5
Rows per page
Query Builder