Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
website vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2003-0456
VisNetic WebSite 3.5 allows remote malicious users to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
Deerfield Visnetic Website 3.5.13
Deerfield Visnetic Website 3.5.15
Deerfield Visnetic Website 3.5.17
10
CVSSv2
CVE-2000-0623
Buffer overflow in O'Reilly WebSite Professional web server 2.4 and previous versions allows remote malicious users to execute arbitrary commands via a long GET request or Referrer header.
Oreilly Website Professional 2.4.9
Oreilly Website Professional 2.4
Oreilly Website Professional 2.3.18
10
CVSSv2
CVE-2000-0622
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote malicious users to execute arbitrary commands via a URL containing a long "keywords" parameter.
Oreilly Website Professional 2.3.18
Oreilly Website Professional 2.4
Oreilly Website Professional 2.4.9
1 EDB exploit
7.5
CVSSv2
CVE-2009-3150
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote malicious users to execute arbitrary SQL commands via the Browse parameter in a vote action.
Multi-website Multi Website 1.5
1 EDB exploit
4.3
CVSSv2
CVE-2009-3162
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote malicious users to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
Multi-website Multi Website 1.5
1 EDB exploit
NA
CVE-2017-20150
A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this is...
Challenge Website Project Challenge Website
6.5
CVSSv2
CVE-2022-27346
Ecommece-Website v1.1.0 exists to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
Ecommerce-website Project Ecommerce-website 1.1.0
7.5
CVSSv2
CVE-2022-27357
Ecommerce-Website v1 exists to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
Ecommerce-website Project Ecommerce-website 1.0
6.5
CVSSv2
CVE-2022-27435
An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows malicious users to upload a webshell via the Product Image component.
Ecommerce-website Project Ecommerce-website 1.1.0
3.5
CVSSv2
CVE-2022-27436
A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field.
Ecommerce-website Project Ecommerce-website 1.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »