Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dragonfly dragonfly vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem prior to 1.4.0 for Ruby allows remote malicious users to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate a...
Dragonfly Project Dragonfly
2 Github repositories
NA
CVE-2006-4162
Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the search field.
Cpg-nuke Dragonfly Cms 9.0.4.0
Cpg-nuke Dragonfly Cms 9.0.5.0
Cpg-nuke Dragonfly Cms 9.0.2.0
Cpg-nuke Dragonfly Cms 9.0.3.0
Cpg-nuke Dragonfly Cms 9.0.1.1
Cpg-nuke Dragonfly Cms 9.0.6.0
Cpg-nuke Dragonfly Cms 9.0.6.1
NA
CVE-2006-1033
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS prior to 9.0.6.1 allow remote malicious users to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, ...
Cpg-nuke Dragonfly Cms 9.0.3.0
Cpg-nuke Dragonfly Cms 9.0.4.0
Cpg-nuke Dragonfly Cms 9.0.1.1
Cpg-nuke Dragonfly Cms 9.0.2.0
Cpg-nuke Dragonfly Cms 9.0.5.0
Cpg-nuke Dragonfly Cms 9.0.6.0
7 EDB exploits
9.1
CVSSv3
CVE-2021-33473
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows malicious users to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
Dragonfly Project Dragonfly 1.3.0
NA
CVE-2005-4351
The securelevels implementation in FreeBSD 7.0 and previous versions, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
Freebsd Freebsd 7.0
Dragonfly Dragonfly
Openbsd Openbsd
Freebsd Freebsd
Linux Linux Kernel
7.5
CVSSv3
CVE-2022-41967
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versio...
Hypera Dragonfly 0.3.0-snapshot
NA
CVE-2005-2220
Dragonfly Commerce allows remote malicious users to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has dispu...
Incredible Interactive Dragonfly Commerce
NA
CVE-2005-2221
Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote malicious users to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp,...
Incredible Interactive Dragonfly Commerce
NA
CVE-2013-5671
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote malicious users to execute arbitrary commands via unspecified vectors.
Mark Evans Fog-dragonfly 0.8.2
NA
CVE-2006-0726
Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote malicious users to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
Cpg-nuke Dragonfly Cms 9.0.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »