Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ihsan sencan vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-17651
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
Paid To Read Script Project Paid To Read Script 2.0.5
1 EDB exploit
7.5
CVSSv3
CVE-2017-17876
Biometric Shift Employee Management System 3.0 allows remote malicious users to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter.
Iwcnetwork Shift 3.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-6370
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
Neojoomla Neorecruit 4.1
1 EDB exploit
7.5
CVSSv3
CVE-2018-6397
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.
Joomlacalendars Picture Calendar 3.1.4
1 EDB exploit
9.8
CVSSv3
CVE-2018-6398
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
Joomlacalendars Event Calendar 3.0.1
1 EDB exploit
9.8
CVSSv3
CVE-2018-6582
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
Zh Googlemap Project Zh Googlemap 8.4.0.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-6604
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request.
Zh Yandexmap Project Zh Yandexmap 6.2.1.0
1 EDB exploit
7.5
CVSSv3
CVE-2018-6610
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.
Jlike Project Jlike 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-5973
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
Eihitech Professional Local Directory Script 1.0
1 EDB exploit
8.8
CVSSv3
CVE-2018-5969
Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
Photography Cms Project Photography Cms 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »