CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

GithubExploit•added 2026/04/29 3:52 a.m.•80 views

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 PoC — GitHub RCE via X-Stat Push Option Injectio...

8.8CVSS6.3AI score0.00343EPSS

Exploits4

RedhatCVE•added 2025/05/21 8:30 p.m.•5 views

CVE-2002-2044

Cross-site scripting XSS vulnerability in xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...

4.3CVSS5.9AI score0.00613EPSS

Exploits1References1

seebug.org•added 2009/09/05 12:0 a.m.•47 views

XStat PHPInfo可导致信息泄露漏洞

BUGTRAQ: 4280 X-Stat是一款PHP语言编写免费的WEB通信分析程序，可以运行在Unix和Linux操作系统下，也可运行在Microsoft Windows操作系统平台下。 X-Stat由于对部分错误WEB请求处理存在问题可导致相关主机信息泄露。攻击者可以对X-Stat系统中的xstatadmin.php脚本参数action提交phpinfo变量，可导致相关主机信息泄露给攻击者，包括主机信息，操作系统信息和服务器信息等。攻击者可以通过这些信息，对目标系统进行进一步的攻击。 Xqus X-Stat 2.3 Xqus X-Stat 2.2 临时解决方法：...

7.1AI score

Exploits0

seebug.org•added 2009/09/05 12:0 a.m.•10 views

X-Stat存在跨站脚本执行(CSS/XSS)漏洞

X-Stat在脚本过滤实现上不充分，存在跨站脚本可执行而导致目标用户泄露基于COOKIE认证的敏感信息。 X-Stat中的xstatadmin.php脚本对URL参数没有充分过滤，可导致恶意用户建立包含恶意脚本代码的连接，当此连接被WEB用户点击浏览时，脚本代码在WEB用户的浏览器中执行。成功利用此漏洞可以导致攻击者获得WEB用户的基于COOKIE认证的敏感信息 Xqus X-Stat 2.3 Xqus X-Stat 2.2 临时解决方法：如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁：对xstatadmin.php脚本进行javascript脚本代码过滤。厂商补丁...

7.1AI score

Exploits0

seebug.org•added 2009/09/05 12:0 a.m.•15 views

X-Stat路径信息泄露漏洞

BUGTRAQ: 4279 X-Stat由于对部分错误WEB请求处理存在问题可导致绝对路径泄露。攻击者可以对X-Stat系统中的xstatadmin.php脚本参数action提交不存在的变量，可导致相关绝对路径泄露给攻击者。攻击者可以通过这些信息，对目标系统进行进一步的攻击。 Xqus X-Stat 2.3 Xqus X-Stat 2.2 临时解决方法：如果您不能立刻安装补丁或者升级，建议您采取以下措施以降低威胁：对xstatadmin.php脚本进行访问控制，防止未授权用户访问。厂商补丁： Xqus ----...

7.1AI score

Exploits0

Cvelist•added 2005/07/14 4:0 a.m.•12 views

CVE-2002-2044

Cross-site scripting XSS vulnerability in xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...

5.7AI score0.00613EPSS

Exploits1References5

CVE•added 2005/07/14 4:0 a.m.•44 views

CVE-2002-2044

CVE-2002-2044 describes a cross-site scripting (XSS) vulnerability in x-stat (version 2.3 and earlier) affecting the file x_stat_admin.php . The issue arises when a parameter to the phpinfo action is not properly sanitized, allowing remote attackers to inject arbitrary web script or HTML. Affecte...

4.3CVSS5.9AI score0.00613EPSS

Exploits1References5Affected Software1

CVE•added 2005/07/14 4:0 a.m.•36 views

CVE-2002-2045

CVE-2002-2045 affects x-stat 2.3 and earlier, via x_stat_admin.php. The flaw allows remote attackers to (1) execute PHP commands (e.g., phpinfo) or (2) reveal the web server’s full path through an invalid action parameter that leaks the pathname in an error message. The NVD CVSS v2 score is 6.4 (...

6.4CVSS7.6AI score0.00622EPSS

Exploits1References7Affected Software1

NVD•added 2002/12/31 5:0 a.m.•8 views

CVE-2002-2044

Cross-site scripting XSS vulnerability in xstatadmin.php in x-stat 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the phpinfo action...

4.3CVSS5.7AI score0.00613EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by