Search Results | AttackerKB

Show filters

Topics 43 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

43 Total Results

Displaying 21-30 of 43

Attacker Value

Unknown

CVE-2014-7742

Disclosure Date: October 21, 2014 (last updated October 05, 2023)

The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

0

Attacker Value

Unknown

CVE-2009-4972

Disclosure Date: July 28, 2010 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

0

Attacker Value

Unknown

CVE-2009-4342

Disclosure Date: December 17, 2009 (last updated October 04, 2023)

SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

0

Attacker Value

Unknown

CVE-2009-2920

Disclosure Date: August 21, 2009 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.

0

Attacker Value

Unknown

CVE-2009-2129

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

Cross-site request forgery (CSRF) vulnerability in login.php in Elvin 1.2.0 allows remote attackers to hijack the authentication of arbitrary users via a logout action.

0

Attacker Value

Unknown

CVE-2009-2128

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field.

0

Attacker Value

Unknown

CVE-2009-2127

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

0

Attacker Value

Unknown

CVE-2009-2126

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the title (aka subject) field.

0

Attacker Value

Unknown

CVE-2009-2130

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) login.ei, (2) jump_bug.ei, or (3) create_account.ei in inc/ via a direct request.

0

Attacker Value

Unknown

CVE-2009-2123

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.

0