Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adminpanel vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2017-14597
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
Afterlogic Aurora 7.7.5
Afterlogic Webmail 7.7
6.8
CVSSv2
CVE-2012-6047
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and previous versions allows remote malicious users to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php.
X7 Group X7 Chat 1.3.6
X7 Group X7 Chat 1.3.5b
X7 Group X7 Chat 1.3.4b
X7 Group X7 Chat 1.3.3b
X7 Group X7 Chat
X7 Group X7 Chat 1.1.1b
X7 Group X7 Chat 1.0.0b
X7 Group X7 Chat 2.0.3
X7 Group X7 Chat 2.0.0
X7 Group X7 Chat 1.3.2b
X7 Group X7 Chat 1.3.0b
X7 Group X7 Chat 1.1.2b
X7 Group X7 Chat 2.0.4.4
X7 Group X7 Chat 2.0.2
X7 Group X7 Chat 1.3.1b
X7 Group X7 Chat 1.2.0b
1 EDB exploit
6
CVSSv2
CVE-2009-4793
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then acc...
Karl Core Bandsite Cms 1.1.4
1 EDB exploit
5
CVSSv2
CVE-2008-7056
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote malicious users to obtain copies of the database via a direct request.
Grayscalecms Bandsite Cms 1.1.4
1 EDB exploit
6.8
CVSSv2
CVE-2008-7058
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote malicious users to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
Grayscalecms Bandsite Cms 1.1.4
1 EDB exploit
6.8
CVSSv2
CVE-2007-1244
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and previous versions allows remote malicious users to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leverage...
Wordpress Wordpress
1 EDB exploit
7.5
CVSSv2
CVE-2006-4984
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote malicious users to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3....
Grayscale Bandsite Cms 1.1
4.3
CVSSv2
CVE-2006-4985
Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote malicious users to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/...
Grayscale Bandsite Cms 1.1
22 EDB exploits
5
CVSSv2
CVE-2006-4986
Grayscale BandSite CMS allows remote malicious users to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) ma...
Grayscale Bandsite Cms 1.1
5.1
CVSSv2
CVE-2006-3193
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adm...
Grayscale Bandsite Cms 1.1.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2