bugreport.ir vulnerabilities and exploits
NA
CVE-2008-0466
Web Wiz RTE_file_browser.asp, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote malicious users to list directories and read files. NOTE: this can be leveraged for listings outside the c...
Webwiz Web Wiz Forums 9.07
Webwiz Web Wiz Newspad 1.02
Webwiz Web Wiz Rich Text Editor 4.0
2 EDB exploits
7.5
CVSSv3
CVE-2009-0964
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows malicious users to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
Xlinesoft Phprunner
1 EDB exploit
NA
CVE-2008-1992
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote malicious users to bypass restrictions and relay email messages with modified From, FromName, and To fields.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
NA
CVE-2008-2753
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote malicious users to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.
Paridel Pooya Site Builder 6.0
1 EDB exploit
NA
CVE-2008-0427
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Bloo Bloofoxcms 0.3
1 EDB exploit
NA
CVE-2008-0479
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
Web Wiz Newspad 1.02
1 EDB exploit
NA
CVE-2008-0546
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter ...
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2008-1896
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
Carboncommunities Carbon Communities 1.1
Carboncommunities Carbon Communities 2.1
Carboncommunities Carbon Communities 1.0
Carboncommunities Carbon Communities 2.2
Carboncommunities Carbon Communities 2.3
Carboncommunities Carbon Communities
1 EDB exploit
NA
CVE-2008-1906
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in a view.year action.
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
NA
CVE-2008-0428
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
Bloofoxcms Bloofoxcms 0.3
1 EDB exploit