Search Results | AttackerKB

Show filters

Topics 43 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

43 Total Results

Displaying 31-40 of 43

Attacker Value

Unknown

CVE-2009-2124

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter.

0

Attacker Value

Unknown

CVE-2009-2125

Disclosure Date: June 19, 2009 (last updated October 04, 2023)

delete_bug.php in Elvin before 1.2.1 does not require administrative privileges, which allows remote authenticated users to bypass intended access restrictions and delete arbitrary bugs.

0

Attacker Value

Unknown

CVE-2008-6667

Disclosure Date: April 08, 2009 (last updated October 04, 2023)

A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.

0

Attacker Value

Unknown

CVE-2009-0764

Disclosure Date: March 06, 2009 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to (1) index.php and (2) kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

0

Attacker Value

Unknown

CVE-2009-0766

Disclosure Date: March 06, 2009 (last updated October 04, 2023)

Directory traversal vulnerability in default.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the configfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

0

Attacker Value

Unknown

CVE-2009-0763

Disclosure Date: March 06, 2009 (last updated October 04, 2023)

Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.

0

Attacker Value

Unknown

CVE-2009-0767

Disclosure Date: March 06, 2009 (last updated October 04, 2023)

Kipper 2.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing credentials via a direct request for job/config.data.

0

Attacker Value

Unknown

CVE-2009-0765

Disclosure Date: March 06, 2009 (last updated October 04, 2023)

Directory traversal vulnerability in index.php in Kipper 2.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the configfile parameter.

0

Attacker Value

Unknown

CVE-2008-0691

Disclosure Date: February 12, 2008 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.

0

Attacker Value

Unknown

CVE-2006-0979

Disclosure Date: March 03, 2006 (last updated February 22, 2025)

Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors.

0