Vulmon
unauthorized vulnerabilities and exploits
6.8
CVSSv2
CVE-2007-6077
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, wh...
Rubyonrails Rails 1.2.4
6.8
CVSSv2
CVE-2007-5380
Session fixation vulnerability in Rails prior to 1.2.4, as used for Ruby on Rails, allows remote malicious users to hijack web sessions via unspecified vectors related to "URL-based sessions."
David Hansson Ruby On Rails
7.5
CVSSv2
CVE-2006-2737
utilities/register.asp in Nukedit 4.9.6 and previous versions allows remote malicious users to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
Nukedit Nukedit
Nukedit Nukedit 4.9.0
Nukedit Nukedit 4.9.1
Nukedit Nukedit 4.9.2
Nukedit Nukedit 4.9.3
1 EDB exploit
6.4
CVSSv2
CVE-2006-2771
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote malicious users to delete arbitrary posts via a modified delID parameter.
Hogstorps Hogstorp Guestbook 2.0
1 EDB exploit
6.4
CVSSv2
CVE-2003-1488
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote malicious users to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
Truelogik Truegalerie 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote malicious users to execute arbitrary commands via shell metacharacters in the object parameter.
Avinu Phpmoadmin 1.1.2
1 EDB exploit
3 Github repositories
5.1
CVSSv2
CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote malicious users to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
Phpbb Group Phpbb 2.0.20
1 EDB exploit
5
CVSSv2
CVE-2002-1830
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote malicious users to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
Openbb Openbb 1.0.0 Rc2
Openbb Openbb 1.0.0 Rc3
Openbb Openbb 1.0.0 Rc1
1 EDB exploit
5
CVSSv2
CVE-2005-1480
Directory traversal vulnerability in RaidenFTPD prior to 2.4.2241 allows remote malicious users to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.
Raiden Professional Servers Raidenftpd
1 EDB exploit
4.3
CVSSv2
CVE-2007-5817
dialog.php in CONTENTCustomizer 3.1mp and previous versions allows remote malicious users to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other att...
Contentcustomizer Contentcustomizer
1 EDB exploit