Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
egix vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2011-4451
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote malicious users to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the...
Wikkawiki Wikkawiki 1.3.2
Wikkawiki Wikkawiki 1.3.1
1 EDB exploit
6.8
CVSSv2
CVE-2011-4452
Cross-site request forgery (CSRF) vulnerability in the AdminUsers component in WikkaWiki 1.3.1 and 1.3.2 allows remote malicious users to hijack the authentication of administrators for requests that remove arbitrary user accounts via a delete operation, as demonstrated by an {{i...
Wikkawiki Wikkawiki 1.3.2
Wikkawiki Wikkawiki 1.3.1
1 EDB exploit
7.5
CVSSv2
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager prior to 1.1, as used in tinymce prior to 1.4.2, phpMyFAQ 2.6 prior to 2.6.19 and 2.7 prior to 2.7.1, and possibly other products, allows remote malicious users to inject arbitrary PHP cod...
Phpletter Ajax File And Image Manager 1.0
Phpmyfaq Phpmyfaq 2.6.4
Tinymce Tinymce
Phpletter Ajax File And Image Manager 0.8.8
Phpmyfaq Phpmyfaq 2.6.14
Phpletter Ajax File And Image Manager 0.7.8
Phpmyfaq Phpmyfaq 2.6.5
Phpmyfaq Phpmyfaq 2.6.2
Phpletter Ajax File And Image Manager 0.8.9
Phpmyfaq Phpmyfaq 2.6.16
Phpmyfaq Phpmyfaq 2.6.7
Phpmyfaq Phpmyfaq 2.7.0
Phpletter Ajax File And Image Manager 0.7.10
Phpletter Ajax File And Image Manager 0.5
Phpletter Ajax File And Image Manager 0.8
Phpletter Ajax File And Image Manager 0.6.12
Phpmyfaq Phpmyfaq 2.6.13
Phpmyfaq Phpmyfaq 2.6.9
Phpmyfaq Phpmyfaq 2.6.1
Phpletter Ajax File And Image Manager 0.8.24
Phpmyfaq Phpmyfaq 2.6.17
Phpletter Ajax File And Image Manager
6 EDB exploits
7.5
CVSSv2
CVE-2012-0911
TikiWiki CMS/Groupware prior to 6.7 LTS and prior to 8.4 allows remote malicious users to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.p...
Tiki Tikiwiki Cms/groupware
2 EDB exploits
6.8
CVSSv2
CVE-2011-4449
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote malicious users to execute arbitrary PHP code by ...
Wikkawiki Wikkawiki 1.3.2
Wikkawiki Wikkawiki 1.3.1
2 EDB exploits
7.5
CVSSv2
CVE-2011-4453
The PageListSort function in scripts/pagelist.php in PmWiki 2.x prior to 2.2.35 allows remote malicious users to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Pmwiki Pmwiki 2.1.25
Pmwiki Pmwiki 2.2.0
Pmwiki Pmwiki 2.1.6
Pmwiki Pmwiki 2.2.28
Pmwiki Pmwiki 2.1.2
Pmwiki Pmwiki 2.2.32
Pmwiki Pmwiki 2.1.9
Pmwiki Pmwiki 2.0.5
Pmwiki Pmwiki 2.0.0
Pmwiki Pmwiki 2.0.8
Pmwiki Pmwiki 2.1.10
Pmwiki Pmwiki 2.1.18
Pmwiki Pmwiki 2.0.4
Pmwiki Pmwiki 2.1.24
Pmwiki Pmwiki 2.1.4
Pmwiki Pmwiki 2.0.1
Pmwiki Pmwiki 2.1.13
Pmwiki Pmwiki 2.0.13
Pmwiki Pmwiki 2.2.18
Pmwiki Pmwiki 2.2.21
Pmwiki Pmwiki 2.1.16
Pmwiki Pmwiki 2.2.6
2 EDB exploits
7.5
CVSSv2
CVE-2012-1495
install/index.php in WebCalendar prior to 1.2.5 allows remote malicious users to execute arbitrary code via the form_single_user_login parameter.
Webcalendar Project Webcalendar
2 EDB exploits
1 Github repository
7.5
CVSSv2
CVE-2012-0694
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote malicious users to execute arbitrary PHP code.
Sugarcrm Sugarcrm
2 EDB exploits
6.8
CVSSv2
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
6.8
CVSSv2
CVE-2012-1125
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin prior to 1.2 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the fi...
Kishore Asokan Kish Guest Posting Plugin
Kishore Asokan Kish Guest Posting Plugin 1.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »