Vulmon
ush vulnerabilities and exploits
NA
CVE-2008-6949
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote malicious users to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unk...
Collabtive Collabtive 0.4.8
1 EDB exploit
NA
CVE-2008-3331
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the filter_target parameter.
Mantis Mantis 0.10.0
Mantis Mantis 0.10.1
Mantis Mantis 0.13.0
Mantis Mantis 0.13.1
Mantis Mantis 0.14.5
Mantis Mantis 0.14.6
Mantis Mantis 0.15.11
Mantis Mantis 0.15.12
Mantis Mantis 0.15.9
Mantis Mantis 0.11.0
Mantis Mantis 0.11.1
Mantis Mantis 0.14.1
Mantis Mantis 0.14.2
Mantis Mantis 0.15
Mantis Mantis 0.15.0
Mantis Mantis 0.15.4
Mantis Mantis 0.15.5
Mantis Mantis 0.15.6
Mantis Mantis 0.17
Mantis Mantis 0.17.0
Mantis Mantis 0.18
Mantis Mantis 0.18.0
1 EDB exploit
NA
CVE-2009-3247
Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote malicious users to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3.
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
NA
CVE-2009-3248
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote malicious users to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
NA
CVE-2009-3250
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Serve...
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
NA
CVE-2008-3332
Eval injection vulnerability in adm_config_set.php in Mantis prior to 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
Mantis Mantis 0.11
Mantis Mantis 0.11.0
Mantis Mantis 0.14
Mantis Mantis 0.10
Mantis Mantis 0.10.0
Mantis Mantis 0.12.0
Mantis Mantis 0.13
Mantis Mantis 0.14.4
Mantis Mantis 0.14.5
Mantis Mantis 0.15.10
Mantis Mantis 0.15.11
Mantis Mantis 0.15.7
Mantis Mantis 0.15.8
Mantis Mantis 0.17.2
Mantis Mantis 0.17.3
Mantis Mantis 0.18.0a1
Mantis Mantis 0.18.0a2
Mantis Mantis 0.19
Mantis Mantis 0.19.0
Mantis Mantis 0.19.0 Rc1
Mantis Mantis 0.19.4
Mantis Mantis 0.9
1 EDB exploit
NA
CVE-2008-6948
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) t...
Collabtive Collabtive 0.4.8
1 EDB exploit
NA
CVE-2009-2146
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) prior to 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the ...
Sugarcrm Sugarcrm 5.0.0h
Sugarcrm Sugarcrm 5.2d
Sugarcrm Sugarcrm 5.1.0
Sugarcrm Sugarcrm 5.1.0-beta
Sugarcrm Sugarcrm 5.1c
Sugarcrm Sugarcrm
Sugarcrm Sugarcrm 5.0.0
Sugarcrm Sugarcrm 5.0.0k
Sugarcrm Sugarcrm 5.2c
1 EDB exploit
NA
CVE-2008-6946
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote malicious users to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to ...
Collabtive Collabtive 0.4.8
1 EDB exploit
NA
CVE-2008-6947
Collabtive 0.4.8 allows remote malicious users to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
Collabtive Collabtive 0.4.8
1 EDB exploit