Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-0466
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote malicious users to list directories and read files. NOTE: this can be leveraged for listings outside the c...
Webwiz Web Wiz Forums 9.07
Webwiz Web Wiz Newspad 1.02
Webwiz Web Wiz Rich Text Editor 4.0
2 EDB exploits
6.8
CVSSv2
CVE-2007-6496
Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote malicious users to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdo...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
4.9
CVSSv2
CVE-2007-6500
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
Hosting Controller Hosting Controller
1 EDB exploit
7.5
CVSSv2
CVE-2008-0428
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
Bloofoxcms Bloofoxcms 0.3
1 EDB exploit
5
CVSSv2
CVE-2008-0481
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
Web Wiz Rich Text Editor 4.0
1 EDB exploit
6.4
CVSSv2
CVE-2008-0473
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote malicious users to upload (1) .html and (2) .htm files via unspecified vectors.
Web Wiz Rich Text Editor 4.0
1 EDB exploit
5
CVSSv2
CVE-2008-0480
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and previous versions allow remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
Web Wiz Web Wiz Forums
1 EDB exploit
7.5
CVSSv2
CVE-2008-0546
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous versions 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter ...
Shoppingtree Candypress Store 4.1.1.26
Shoppingtree Candypress Store 4.1
1 EDB exploit
4.3
CVSSv2
CVE-2008-0547
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote malicious users to inject arbitrary web script or HTML via the helpfield parameter.
Shoppingtree Candypress Store 4.1.1.26
Shoppingtree Candypress Store 4.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote malicious users to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
Bitweaver R2 Cms
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »