Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

thor larholm vulnerabilities and exploits

(subscribe to this query)
NA

CVE-2003-0116

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote malicious users to read files on the local system via a web page containing script that creates a dialog and then accesses the ta...
Microsoft Ie 6.0Microsoft Internet Explorer 5.5Microsoft Internet Explorer 5.0.1Microsoft Internet Explorer 6.0
NA

CVE-2008-5432

Cross-site scripting (XSS) vulnerability in Moodle prior to 1.6.8, 1.7 prior to 1.7.6, 1.8 prior to 1.8.7, and 1.9 prior to 1.9.3 allows remote malicious users to inject arbitrary web script or HTML via a Wiki page name (aka page title).
Moodle Moodle 1.5.2Moodle Moodle 1.9.1Moodle Moodle 1.6.1Moodle Moodle 1.8.2Moodle Moodle 1.2.1Moodle Moodle 1.4.2Moodle Moodle 1.6.5Moodle Moodle 1.3.3Moodle Moodle 1.4.3Moodle Moodle 1.4.5Moodle Moodle 1.9.2Moodle Moodle 1.8.6Moodle Moodle 1.7.1Moodle MoodleMoodle Moodle 1.8.5Moodle Moodle 1.8.3Moodle Moodle 1.3.2Moodle Moodle 1.6.4Moodle Moodle 1.1.1Moodle Moodle 1.3.1Moodle Moodle 1.4.4Moodle Moodle 1.7.3
NA

CVE-2008-5153

spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
Moodle Moodle 1.8.2
NA

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer prior to 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote malicious users to execute arbitrary code via crafted input that is processed by the ...
Roundcube Webmail 0.2.1Roundcube Webmail 0.2.3
NA

CVE-2007-3215

PHPMailer 1.7, when configured to use sendmail, allows remote malicious users to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Phpmailer Phpmailer 1.7Phpmailer Phpmailer 1.73Phpmailer Phpmailer 1.7.2Phpmailer Phpmailer 1.7.1Phpmailer Phpmailer 1.7.3
NA

CVE-2008-6124

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 prior to 1.6.7, 1.7 prior to 1.7.5, 1.8 prior to 1.8.6, and 1.9 prior to 1.9.2 allows remote malicious users to execute arbitrary SQL commands via a crafte...
Moodle MoodleDebian Debian Linux 4.0
NA

CVE-2008-4796

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and previous versions, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote malicious users to execute arbitrary commands vi...
Snoopy Project SnoopyDebian Debian Linux 5.0Debian Debian Linux 4.0Nagios NagiosWordpress Wordpress
NA

CVE-2008-4810

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote malicious users to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a doub...
Smarty Smarty 1.4.3Smarty Smarty 1.0Smarty Smarty 1.0bSmarty Smarty 2.3.1Smarty Smarty 2.6.0Smarty Smarty 1.4.0Smarty Smarty 1.4.5Smarty Smarty 2.6.1Smarty Smarty 2.6.7Smarty Smarty 2.3.0Smarty Smarty 1.0aSmarty Smarty 1.1.0Smarty Smarty 2.6.15Smarty Smarty 2.6.3Smarty Smarty 2.6.14Smarty Smarty 2.5.0Smarty Smarty 1.2.1Smarty Smarty 2.6.17Smarty Smarty 2.6.11Smarty Smarty 1.3.0Smarty Smarty 1.4.1Smarty Smarty 2.0.1
NA

CVE-2008-4811

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and previous versions allows remote malicious users to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
Smarty Smarty 1.4.3Smarty Smarty 1.0Smarty Smarty 1.0bSmarty Smarty 2.3.1Smarty Smarty 2.6.0Smarty Smarty 1.4.0Smarty Smarty 1.4.5Smarty Smarty 2.6.1Smarty Smarty 2.6.7Smarty Smarty 2.3.0Smarty Smarty 1.0aSmarty Smarty 1.1.0Smarty Smarty 2.6.15Smarty Smarty 2.6.3Smarty Smarty 2.6.14Smarty Smarty 2.5.0Smarty Smarty 1.2.1Smarty Smarty 2.6.17Smarty Smarty 2.6.11Smarty Smarty 1.3.0Smarty Smarty 1.4.1Smarty Smarty 2.0.1
NA

CVE-2009-0499

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 prior to 1.7.7, 1.8 prior to 1.8.8, and 1.9 prior to 1.9.4 allows remote malicious users to delete unauthorized forum posts via a link or IMG tag to post.php.
Moodle Moodle 1.9.1Moodle Moodle 1.8.2Moodle Moodle 1.7.6Moodle Moodle 1.9.2Moodle Moodle 1.8.6Moodle Moodle 1.7.1Moodle Moodle 1.8.5Moodle Moodle 1.8.3Moodle Moodle 1.8.7Moodle Moodle 1.9.3Moodle Moodle 1.7.3Moodle Moodle 1.7.2Moodle Moodle 1.7.5Moodle Moodle 1.8.4Moodle Moodle 1.8.1Moodle Moodle 1.7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4541CVE-2024-3080CVE-2024-4787log injectionCVE-2024-5967injectCVE-2024-30078CVE-2024-5899
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook