Vulmon
vanilla vulnerabilities and exploits
7.5
CVSSv2
CVE-2008-3759
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and previous versions has unknown impact and remote attack vectors.
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.0.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1
Lussumo Vanilla 1.1.3
Lussumo Vanilla
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.1.2
4.3
CVSSv2
CVE-2011-0526
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums prior to 2.0.17 allows remote malicious users to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.11
4.3
CVSSv2
CVE-2009-1845
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote malicious users to inject arbitrary web script or HTML via the RequestName parameter.
Lussumo Vanilla 1.1.5
Lussumo Vanilla 1.1.7
1 EDB exploit
4.3
CVSSv2
CVE-2014-9685
Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums prior to 2.0.18.13 and 2.1.x prior to 2.1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Vanillaforums Vanilla
Vanillaforums Vanilla Forums 2.1
7.5
CVSSv2
CVE-2018-18903
Vanilla 2.6.x prior to 2.6.4 allows remote code execution.
Vanillaforums Vanilla
5.1
CVSSv2
CVE-2006-3850
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and previous versions, when /conf/old_settings.php exists, allows remote malicious users to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a th...
Lussumo Vanilla
1 EDB exploit
4
CVSSv2
CVE-2019-9889
In Vanilla prior to 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with File Inclusion. An attacker can leverage this vulnerability to execute code u...
Vanillaforums Vanilla
7.5
CVSSv2
CVE-2007-5643
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Lussumo Vanilla
1 EDB exploit
5
CVSSv2
CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums prior to 2.3.1 allows remote malicious users to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Vanillaforums Vanilla
1 EDB exploit
1 Article
7.5
CVSSv2
CVE-2007-5644
Lussumo Vanilla 1.1.3 and previous versions do not require admin privileges for (1) ajax/sortcategories.php and (2) ajax/sortroles.php, which allows remote malicious users to conduct unauthorized sort operations and other activities.
Lussumo Vanilla
1 EDB exploit