Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0466
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote malicious users to list directories and read files. NOTE: this can be leveraged for listings outside the c...
Webwiz Web Wiz Forums 9.07
Webwiz Web Wiz Newspad 1.02
Webwiz Web Wiz Rich Text Editor 4.0
2 EDB exploits
NA
CVE-2008-1895
Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3...
Carboncommunities Carbon Communities 2.1
Carboncommunities Carbon Communities 2.2
Carboncommunities Carbon Communities 1.0
Carboncommunities Carbon Communities 1.1
Carboncommunities Carbon Communities 2.3
Carboncommunities Carbon Communities
1 EDB exploit
NA
CVE-2008-1896
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
Carboncommunities Carbon Communities 1.1
Carboncommunities Carbon Communities 2.1
Carboncommunities Carbon Communities 1.0
Carboncommunities Carbon Communities 2.2
Carboncommunities Carbon Communities 2.3
Carboncommunities Carbon Communities
1 EDB exploit
NA
CVE-2008-1906
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in a view.year action.
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
NA
CVE-2008-1908
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.a...
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
NA
CVE-2008-1991
Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote malicious users to inject arbitrary web script or HTML via the field parameter.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
NA
CVE-2008-1993
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote malicious users to upload arbitrary files.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
NA
CVE-2008-2022
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requ...
Pd9 Software Megabbs 2.2
1 EDB exploit
NA
CVE-2008-5792
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote malicious users to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal is...
Indisguise Indiscripts Enthusiast
1 EDB exploit
NA
CVE-2008-5853
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to (1) obtain database credentials via a direct request for config.inc or (2) read dat...
Chicomas Chicomas
Chicomas Chicomas 2.0.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »