|
347071
|
- |
|
phpstat
|
phpstat
|
setup.php in phpStat 1.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the $check variable.
|
CWE-20
Improper Input Validation
|
CVE-2005-1787
|
2016-11-26 03:27 |
2005-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347072
|
- |
|
postnuke_software_foundation
|
postnuke
|
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2005-1778
|
2016-11-26 03:26 |
2005-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347073
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855.
|
NVD-CWE-noinfo
|
CVE-2010-0086
|
2016-11-19 12:02 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347074
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.
|
NVD-CWE-noinfo
|
CVE-2010-0855
|
2016-11-19 12:02 |
2010-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347075
|
- |
|
viewcvs
|
viewcvs
|
Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.
|
NVD-CWE-Other
|
CVE-2002-0771
|
2016-11-19 11:59 |
2002-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347076
|
- |
|
microsoft
|
internet_explorer
|
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by enc…
|
CWE-20
Improper Input Validation
|
CVE-2000-0400
|
2016-11-8 03:25 |
2000-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347077
|
- |
|
siteatschool
|
siteatschool
|
PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/incl…
|
NVD-CWE-Other
|
CVE-2006-4921
|
2016-10-18 12:41 |
2006-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347078
|
- |
|
hotplug_cms
|
hotplug_cms
|
SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (…
|
NVD-CWE-Other
|
CVE-2006-3190
|
2016-10-18 12:40 |
2006-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347079
|
- |
|
banex
|
banex
|
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) …
|
NVD-CWE-Other
|
CVE-2006-3963
|
2016-10-18 12:40 |
2006-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347080
|
- |
|
banex
|
banex
|
PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.
|
NVD-CWE-Other
|
CVE-2006-3964
|
2016-10-18 12:40 |
2006-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
