Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dsecrg vulnerabilities and exploits
(subscribe to this query)
470
VMScore
CVE-2009-1553
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote malicious users to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) ...
Oracle Glassfish Server 2.1
8 EDB exploits
450
VMScore
CVE-2008-3315
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote malicious users to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e...
Claroline Claroline 1.8.10
4 EDB exploits
440
VMScore
CVE-2009-0038
Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 up to and including 2.1.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description...
Apache Geronimo 2.1.2
Apache Geronimo 2.1.1
Apache Geronimo 2.1
Apache Geronimo 2.1.3
2 EDB exploits
645
VMScore
CVE-2008-2820
Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Azimyt Open Azimyt Cms 0.22 Minimal
Azimyt Open Azimyt Cms 0.21 Stable
1 EDB exploit
645
VMScore
CVE-2007-6546
RunCMS prior to 1.6.1 uses a predictable session id, which makes it easier for remote malicious users to hijack sessions via a modified id.
Runcms Runcms
1 EDB exploit
685
VMScore
CVE-2007-6547
RunCMS prior to 1.6.1 does not require entry of the old password during a password change, which allows context-dependent malicious users to change passwords upon obtaining temporary access to a session.
Runcms Runcms
1 EDB exploit
755
VMScore
CVE-2007-6548
Multiple direct static code injection vulnerabilities in RunCMS prior to 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter ...
Runcms Runcms
1 EDB exploit
935
VMScore
CVE-2009-0465
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote malicious users to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box ...
Synactis All In The Box.ocx 3
1 EDB exploit
685
VMScore
CVE-2008-6884
Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter to (1) blocks.php and (2) main.php in xoops_lib/modul...
Xoops Xoops 2.3.1
1 EDB exploit
685
VMScore
CVE-2009-0039
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 up to and including 2.1.3 allow remote malicious users to hijack the authentication of administrators for requests that (1) change the web admini...
Apache Geronimo 2.1.2
Apache Geronimo 2.1.1
Apache Geronimo 2.1
Apache Geronimo 2.1.3
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »