Vulmon
mahendra vulnerabilities and exploits
6.5
CVSSv3
CVE-2014-9127
Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.
Open-school Open-school 2.2
6.1
CVSSv3
CVE-2014-9126
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote malicious users to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php.
Open-school Open-school 2.2
9.8
CVSSv3
CVE-2014-9148
Fiyo CMS 2.0.1.8 allows remote malicious users to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
Fiyo Fiyo Cms
1 EDB exploit
7.5
CVSSv3
CVE-2014-9147
Fiyo CMS 2.0.1.8 allows remote malicious users to obtain sensitive information via a direct request to the database backup file in .backup/.
Fiyo Fiyo Cms
1 EDB exploit
NA
CVE-2014-9146
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.
Fiyo Fiyo Cms 2.0.1.8
1 EDB exploit
NA
CVE-2014-9145
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php...
Fiyo Fiyo Cms 2.0.1.8
1 EDB exploit
NA
CVE-2013-6041
index.php in Softaculous Webuzo prior to 2.1.4 allows remote malicious users to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
Softaculous Webuzo
Softaculous Webuzo 2.1.1
Softaculous Webuzo 2.1.0
Softaculous Webuzo 2.1.2
1 EDB exploit
NA
CVE-2013-6043
The login function in Softaculous Webuzo prior to 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote malicious users to enumerate usernames via a series of requests.
Softaculous Webuzo
Softaculous Webuzo 2.1.1
Softaculous Webuzo 2.1.0
Softaculous Webuzo 2.1.2
1 EDB exploit
NA
CVE-2014-8072
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
Openmrs Openmrs 2.1
NA
CVE-2014-8073
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote malicious users to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
Openmrs Openmrs 2.1