Vulmon
unauthorized vulnerabilities and exploits
605
VMScore
CVE-2007-6077
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, wh...
Rubyonrails Rails 1.2.4
605
VMScore
CVE-2007-5380
Session fixation vulnerability in Rails prior to 1.2.4, as used for Ruby on Rails, allows remote malicious users to hijack web sessions via unspecified vectors related to "URL-based sessions."
David Hansson Ruby On Rails
755
VMScore
CVE-2006-2737
utilities/register.asp in Nukedit 4.9.6 and previous versions allows remote malicious users to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
Nukedit Nukedit
Nukedit Nukedit 4.9.0
Nukedit Nukedit 4.9.1
Nukedit Nukedit 4.9.2
Nukedit Nukedit 4.9.3
1 EDB exploit
645
VMScore
CVE-2006-2771
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote malicious users to delete arbitrary posts via a modified delID parameter.
Hogstorps Hogstorp Guestbook 2.0
1 EDB exploit
645
VMScore
CVE-2003-1488
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote malicious users to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
Truelogik Truegalerie 1.0
1 EDB exploit
756
VMScore
CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote malicious users to execute arbitrary commands via shell metacharacters in the object parameter.
Avinu Phpmoadmin 1.1.2
1 EDB exploit
3 Github repositories
515
VMScore
CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote malicious users to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
Phpbb Group Phpbb 2.0.20
1 EDB exploit
505
VMScore
CVE-2002-1830
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote malicious users to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
Openbb Openbb 1.0.0 Rc2
Openbb Openbb 1.0.0 Rc3
Openbb Openbb 1.0.0 Rc1
1 EDB exploit
505
VMScore
CVE-2005-1480
Directory traversal vulnerability in RaidenFTPD prior to 2.4.2241 allows remote malicious users to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.
Raiden Professional Servers Raidenftpd
1 EDB exploit
435
VMScore
CVE-2007-5817
dialog.php in CONTENTCustomizer 3.1mp and previous versions allows remote malicious users to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other att...
Contentcustomizer Contentcustomizer
1 EDB exploit