Vulmon
web frontend vulnerabilities and exploits
6.8
CVSSv2
CVE-2006-2815
Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote malicious users to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" ...
Two Shoes Mambo Factory Simpleboard 1.1.0 Stable
NA
CVE-2022-36105
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension ...
Typo3 Typo3
7.5
CVSSv2
CVE-2016-10134
SQL injection vulnerability in Zabbix prior to 2.2.14 and 3.0 prior to 3.0.4 allows remote malicious users to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Zabbix Zabbix 3.0.0
Zabbix Zabbix 3.0.2
Zabbix Zabbix
Zabbix Zabbix 3.0.3
Zabbix Zabbix 3.0.1
4.3
CVSSv2
CVE-2008-0783
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote malicious users to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the actio...
Cacti Cacti 0.8
Cacti Cacti 0.8.1
Cacti Cacti 0.8.5a
Cacti Cacti 0.8.6c
Cacti Cacti 0.6.7
Cacti Cacti 0.8.4
Cacti Cacti 0.8.5
Cacti Cacti 0.8.7a
Cacti Cacti 0.8.2
Cacti Cacti 0.8.2a
Cacti Cacti 0.8.6f
Cacti Cacti 0.8.6i
Cacti Cacti 0.8.3
Cacti Cacti 0.8.3a
Cacti Cacti 0.8.6j
Cacti Cacti 0.8.7
2 EDB exploits
5
CVSSv2
CVE-2021-41114
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute...
Typo3 Typo3
4.3
CVSSv2
CVE-2014-4002
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote malicious users to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_...
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Cacti Cacti 0.8.8b
7.2
CVSSv2
CVE-2022-31087
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attack...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
5
CVSSv2
CVE-2022-31088
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This is...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2022-31084
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 there are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. T...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2022-31085
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions before 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryp...
Ldap-account-manager Ldap Account Manager
Debian Debian Linux 11.0