Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
high-tech bridge sa vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-5318
The password-reset feature in as/index.php in SweetRice CMS prior to 0.6.7.1 allows remote malicious users to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.
Basic-cms Sweetrice 0.6.7.1
1 EDB exploit
NA
CVE-2011-5313
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote malicious users to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
Redaxscript Redaxscript 0.3.2
1 EDB exploit
NA
CVE-2011-5318
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS prior to 5.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a sav...
Diafan Diafan.cms
1 EDB exploit
NA
CVE-2013-3295
Directory traversal vulnerability in install/popup.php in Exponent CMS prior to 2.2.0 RC1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Exponentcms Exponent Cms
NA
CVE-2014-1905
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin prior to 4.29.5 for WordPress allows remote malicious users to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file v...
Videowhisper Videowhisper Live Streaming Integration
1 EDB exploit
NA
CVE-2014-1908
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin prior to 4.29.5 for WordPress allows remote malicious users to obtain sensitive information via a direct request, which reveals ...
Videowhisper Videowhisper Live Streaming Integration
1 EDB exploit
NA
CVE-2014-8793
Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver prior to 3.0.6 allows remote malicious users to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.
Revive-adserver Revive Adserver
NA
CVE-2014-87931
Revive Adserver version 3.0.5 suffers from a cross site scripting vulnerability.
NA
CVE-2014-8429
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to t...
Xavoc Xepan Cms 1.0.4
Xavoc Xepan Cms
Xavoc Xepan Cms 1.0.4.1
1 EDB exploit
NA
CVE-2014-8539
Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php.
Simple Email Form Project Simple Email Form
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »