high-tech bridge sa vulnerabilities and exploits
NA
CVE-2012-5244
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widget...
Bananadance Banana Dance
1 EDB exploit
9.8
CVSSv3
CVE-2012-5699
BabyGekko prior to 1.2.4 allows PHP file inclusion.
Babygekko Babygekko
1 EDB exploit
NA
CVE-2015-3897
Directory traversal vulnerability in Bonita BPM Portal prior to 6.5.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
6.1
CVSSv3
CVE-2015-3898
Multiple open redirect vulnerabilities in Bonita BPM Portal prior to 6.5.3 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
8.8
CVSSv3
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
Vestacp Control Panel
1 EDB exploit
NA
CVE-2015-4118
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig prior to 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.
Ispconfig Ispconfig
1 EDB exploit
NA
CVE-2015-4119
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig prior to 3.0.5.4p7 allow remote malicious users to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary user...
Ispconfig Ispconfig
1 EDB exploit
NA
CVE-2013-3727
SQL injection vulnerability in Kasseler CMS prior to 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Kasseler-cms Kasseler-cms
1 EDB exploit
NA
CVE-2013-3728
Cross-site scripting (XSS) vulnerability in Kasseler CMS prior to 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.
Kasseler-cms Kasseler-cms
1 EDB exploit
NA
CVE-2013-3729
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS prior to 2 r1232 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail ...
Kasseler-cms Kasseler-cms
1 EDB exploit