Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
website vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2000-0622
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote malicious users to execute arbitrary commands via a URL containing a long "keywords" parameter.
Oreilly Website Professional 2.3.18
Oreilly Website Professional 2.4
Oreilly Website Professional 2.4.9
1 EDB exploit
NA
CVE-2000-0623
Buffer overflow in O'Reilly WebSite Professional web server 2.4 and previous versions allows remote malicious users to execute arbitrary commands via a long GET request or Referrer header.
Oreilly Website Professional 2.4.9
Oreilly Website Professional 2.4
Oreilly Website Professional 2.3.18
NA
CVE-2003-0456
VisNetic WebSite 3.5 allows remote malicious users to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
Deerfield Visnetic Website 3.5.13
Deerfield Visnetic Website 3.5.15
Deerfield Visnetic Website 3.5.17
8.8
CVSSv3
CVE-2017-20150
A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this is...
Challenge Website Project Challenge Website
NA
CVE-2009-3150
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote malicious users to execute arbitrary SQL commands via the Browse parameter in a vote action.
Multi-website Multi Website 1.5
1 EDB exploit
NA
CVE-2009-3162
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote malicious users to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
Multi-website Multi Website 1.5
1 EDB exploit
8.8
CVSSv3
CVE-2022-27435
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows malicious users to upload a webshell via the Product Image component.
Ecommerce-website Project Ecommerce-website 1.1.0
9.8
CVSSv3
CVE-2018-17840
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
Education Website Project Education Website 1.0
6.1
CVSSv3
CVE-2022-45990
A cross-site scripting (XSS) vulnerability in the component /signup_script.php of Ecommerce-Website v1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the eMail parameter.
Ecommerce-website Project Ecommerce-website 1.0
NA
CVE-2007-3524
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
Ripe Website Manager Ripe Website Manager
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »