Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
runcms runcms 1.1 vulnerabilities and exploits
(subscribe to this query)
7.6
CVSSv2
CVE-2006-1793
Directory traversal vulnerability in runCMS 1.2 and previous versions allows remote malicious users to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
Runcms Runcms 1.1
Runcms Runcms 1.1a
Runcms Runcms
1 EDB exploit
6.8
CVSSv2
CVE-2006-0659
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and previous versions, with register_globals and allow_url_fopen enabled, allow remote malicious users to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php...
Runcms Runcms 1.1a
Runcms Runcms 1.1
Runcms Runcms
1 EDB exploit
7.5
CVSSv2
CVE-2005-2691
includes/common.php in RunCMS 1.2 and previous versions calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote malicious users to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
Runcms Runcms 1.1
Runcms Runcms 1.1a
Runcms Runcms 1.2
7.5
CVSSv2
CVE-2005-2692
Multiple SQL injection vulnerabilities in RunCMS 1.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply...
Runcms Runcms 1.1a
Runcms Runcms 1.1
Runcms Runcms 1.2
5
CVSSv2
CVE-2006-0875
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote malicious users to inject arbitrary web script or HTML via the lid parameter.
Runcms Runcms 1.3a
Runcms Runcms 1.3a2
Runcms Runcms 1.3a5
Runcms Runcms 1.1
Runcms Runcms 1.1a
Runcms Runcms 1.2
1 EDB exploit
4.3
CVSSv2
CVE-2006-1216
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Runcms Runcms 1.1
Runcms Runcms 1.2
Runcms Runcms 1.1a
Runcms Runcms 1.3a
Runcms Runcms 1.3a2
Runcms Runcms 1.3a5
1 EDB exploit
5
CVSSv2
CVE-2005-1031
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote malicious users to upload arbitrary files.
E-xoops E-xoops 1.05r3
Runcms Runcms 1.1
Runcms Runcms 1.1a
5
CVSSv2
CVE-2005-0828
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote malicious users to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database co...
Runcms Runcms 1.1a
E-xoops E-xoops 1.05r3
Ciamos Ciamos 0.9.2 Rc1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started