Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1991
Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote malicious users to inject arbitrary web script or HTML via the field parameter.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
NA
CVE-2008-1993
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote malicious users to upload arbitrary files.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
NA
CVE-2008-2022
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requ...
Pd9 Software Megabbs 2.2
1 EDB exploit
NA
CVE-2008-2023
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote malicious users to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
Pd9 Software Megabbs 2.2
1 EDB exploit
NA
CVE-2008-2967
Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlare...
Yektaweb Academic Web Tools
1 EDB exploit
NA
CVE-2008-2968
SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allows remote malicious users to execute arbitrary SQL commands via the book_id parameter.
Yektaweb Academic Web Tools
1 EDB exploit
NA
CVE-2008-2970
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allow remote malicious users to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
Yektaweb Academic Web Tools
1 EDB exploit
NA
CVE-2008-1896
Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp.
Carboncommunities Carbon Communities 1.1
Carboncommunities Carbon Communities 2.1
Carboncommunities Carbon Communities 1.0
Carboncommunities Carbon Communities 2.2
Carboncommunities Carbon Communities 2.3
Carboncommunities Carbon Communities
1 EDB exploit
NA
CVE-2008-1906
Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce 1.1.0 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in a view.year action.
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
NA
CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably ...
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »