Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netanel rubin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-2184
Movable Type prior to 5.2.6 does not properly use the Storable::thaw function, which allows remote malicious users to execute arbitrary code via the comment_state parameter.
Sixapart Movable Type
NA
CVE-2015-1592
Movable Type Pro, Open Source, and Advanced prior to 5.2.12 and Pro and Advanced 6.0.x prior to 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote malicious users to include and execute arbitrary local Perl files and possibly execute arbitrary code ...
Debian Debian Linux 7.0
Sixapart Movable Type
1 EDB exploit
NA
CVE-2014-9057
SQL injection vulnerability in the XML-RPC interface in Movable Type prior to 5.18, 5.2.x prior to 5.2.11, and 6.x prior to 6.0.6 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Debian Debian Linux 7.0
Sixapart Movable Type 5.2.9
Sixapart Movable Type
Sixapart Movable Type 6.0.3
Sixapart Movable Type 5.2.3
Sixapart Movable Type 5.2
Sixapart Movable Type 5.2.2
Sixapart Movable Type 6.0
Sixapart Movable Type 5.2.8
Sixapart Movable Type 5.2.5
Sixapart Movable Type 6.0.1
Sixapart Movable Type 5.2.10
Sixapart Movable Type 6.0.4
Sixapart Movable Type 5.2.4
Sixapart Movable Type 6.0.2
Sixapart Movable Type 5.2.7
Sixapart Movable Type 6.0.5
Sixapart Movable Type 5.2.6
NA
CVE-2015-5730
The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress prior to 4.2.4 does not use a constant-time comparison for widgets, which allows remote malicious users to conduct a timing side-channel attack by measuring the delay before inequalit...
Wordpress Wordpress
NA
CVE-2015-2213
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress prior to 4.2.4 allows remote malicious users to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
Wordpress Wordpress
1 Article
NA
CVE-2015-5731
Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress prior to 4.2.4 allows remote malicious users to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service (editing blockage), via a get-po...
Wordpress Wordpress
NA
CVE-2015-5732
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a widget title.
Wordpress Wordpress
1 Github repository
NA
CVE-2015-5734
Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress prior to 4.2.4 allows remote malicious users to inject arbitrary web script or HTML via a crafted string.
Wordpress Wordpress
5 Github repositories
NA
CVE-2015-5622
Cross-site scripting (XSS) vulnerability in WordPress prior to 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-i...
Wordpress Wordpress
Debian Debian Linux 8.0
13 Github repositories
9.1
CVSSv3
CVE-2014-7236
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki prior to 6.0.1 allows remote malicious users to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
Twiki Twiki 6.0
Twiki Twiki
1 EDB exploit
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »