Vulmon
a vulnerabilities and exploits
4.8
CVSSv3
CVE-2021-24489
The Request a Quote WordPress plugin prior to 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.
Emarketdesign Request A Quote
NA
CVE-2015-6355
The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote malicious users to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug ID CSCuw87226.
Cisco Unified Computing System 2.2(5b)a
NA
CVE-2010-1454
com.springsource.tcserver.serviceability.rmi.JmxSocketListener in VMware SpringSource tc Server Runtime 6.0.19 and 6.0.20 prior to 6.0.20.D, and 6.0.25.A prior to 6.0.25.A-SR01, does not properly enforce the requirement for an encrypted (aka s2enc) password, which allows remote m...
Vmware Tc Server 6.0.25.a
Vmware Tc Server 6.0.20.a
Vmware Tc Server 6.0.19.a
Vmware Tc Server 6.0.20
Vmware Tc Server 6.0.20.b
Vmware Tc Server 6.0.20.c
Vmware Tc Server 6.0.19
NA
CVE-2007-4590
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.
Hp Dynrootdisk A.1.0.16.417
Hp Dynrootdisk A.2.0.0.592
Hp Dynrootdisk A.1.0.18.245
Hp Dynrootdisk A.1.1.0.344
Hp Hp-ux 11.23
Hp Hp-ux 11.31
Hp Hp-ux 11.11
Hp Ignite-ux C.7.1.92
Hp Ignite-ux C.7.2.93
Hp Ignite-ux C.7.3.144
Hp Ignite-ux C.7.0.212
NA
CVE-2004-1873
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote malicious users to gain privileges via the catcode parameter.
Alan Ward A-cart 2.0
2 EDB exploits
NA
CVE-2004-1874
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote malicious users to inject arbitrary web script or HTML via the user information forms.
Alan Ward A-cart 2.0
NA
CVE-2005-4064
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.
Alan Ward A-faq 1.0
2 EDB exploits
NA
CVE-2003-1541
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
Planetmoon Guestbook Tr3.a.1
1 EDB exploit
NA
CVE-2006-6111
Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote malicious users to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-187...
Alan Ward A-cart 2.0
1 EDB exploit
7.5
CVSSv3
CVE-2014-1426
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions before 1.9.2.
Canonical Metal As A Service