Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
r00t vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-43208
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
Nextgen Mirth Connect
1 Metasploit module
2 Github repositories
9.8
CVSSv3
CVE-2023-37679
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows malicious users to execute arbitrary commands on the hosting server.
Nextgen Mirth Connect 4.3.0
1 Metasploit module
NA
CVE-2007-5951
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
E-vendejo 0.2
1 EDB exploit
NA
CVE-2007-5720
Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote malicious users to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile.
Profilecms Profilecms 1.0
1 EDB exploit
NA
CVE-2007-5721
PHP remote file inclusion vulnerability in _theme/breadcrumb.php in MySpacePros MySpace Resource Script (MSRS) 1.21 allows remote malicious users to execute arbitrary PHP code via a URL in the rootBase parameter.
Myspacepros Myspace Resource Script 1.21
1 EDB exploit
NA
CVE-2007-3534
SQL injection vulnerability in login.php in WebChat 0.78 allows remote malicious users to execute arbitrary SQL commands via the rid parameter.
Daniel Toma Webchat 0.78
1 EDB exploit
NA
CVE-2007-1240
Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 up to and including 3.0.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php...
Docebo Docebo 3.0.3
Docebo Docebo 3.0.4
Docebo Docebo 3.0.5
2 EDB exploits
NA
CVE-2007-1241
Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Audins Audiens Audins Audiens 3.3
1 EDB exploit
NA
CVE-2007-1242
SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote malicious users to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Audins Audiens Audins Audiens 3.3
1 EDB exploit
NA
CVE-2007-1243
Audins Audiens 3.3 allows remote malicious users to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the ...
Audins Audiens Audins Audiens 3.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »