Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerability-lab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-1047
Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action.
Cyberoam Cyberoam Central Console 2.00.2
1 EDB exploit
NA
CVE-2012-1059
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front&q...
Oscommerce Online Merchant 3.0.2
1 EDB exploit
NA
CVE-2013-5962
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin prior to 3.3.4 rev40279 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
Envato Complete Gallery Manager Plugin 3.3.2
Envato Complete Gallery Manager Plugin 3.3.1
Envato Complete Gallery Manager Plugin 3.2.2
Envato Complete Gallery Manager Plugin 3.2.1
Envato Complete Gallery Manager Plugin 2.0.2
Envato Complete Gallery Manager Plugin 2.0.1
Envato Complete Gallery Manager Plugin 3.2.6
Envato Complete Gallery Manager Plugin 3.2.5
Envato Complete Gallery Manager Plugin 3.1.0
Envato Complete Gallery Manager Plugin 3.0.1
Envato Complete Gallery Manager Plugin 1.0.1
Envato Complete Gallery Manager Plugin 1.0.0
Envato Complete Gallery Manager Plugin 3.3.0
Envato Complete Gallery Manager Plugin 3.2.8
Envato Complete Gallery Manager Plugin 3.2.7
Envato Complete Gallery Manager Plugin 3.2.0
Envato Complete Gallery Manager Plugin 3.1.1
Envato Complete Gallery Manager Plugin 2.0.0
Envato Complete Gallery Manager Plugin 1.0.2
Envato Complete Gallery Manager Plugin
Envato Complete Gallery Manager Plugin 3.2.4
Envato Complete Gallery Manager Plugin 3.2.3
1 EDB exploit
NA
CVE-2012-5894
SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the postId parameter.
Havalite Cms
1 EDB exploit
NA
CVE-2012-5898
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote malicious users to hijack the authentication of administrators for requests that change account settings.
Samedia Landshop 0.9.2
1 EDB exploit
NA
CVE-2012-5899
Cross-site scripting (XSS) vulnerability in admin/action/objects.php in SAMEDIA LandShop 0.9.2 allows remote malicious users to inject arbitrary web script or HTML via the OTR_HEADS[] parameter in an edit action. NOTE: some of these details are obtained from third party informati...
Samedia Landshop 0.9.2
1 EDB exploit
NA
CVE-2012-5900
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote malicious users to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) s...
Samedia Landshop 0.9.2
1 EDB exploit
NA
CVE-2012-5919
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (...
Havalite Cms
1 EDB exploit
NA
CVE-2012-2939
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
Itechscripts Travelon Express 6.2.2
1 EDB exploit
NA
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »