Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webspell webspell vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-0502
SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote malicious users to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
Webspell Webspell 4.01.02
1 EDB exploit
4.3
CVSSv2
CVE-2007-6309
Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote malicious users to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year para...
Webspell Webspell 4.1.2
2 EDB exploits
4.3
CVSSv2
CVE-2008-0575
Cross-site request forgery (CSRF) vulnerability in admin/admincenter.php in webSPELL 4.01.02 allows remote malicious users to assign the superadmin privilege level to arbitrary accounts as administrators via an "update member" action.
Webspell Webspell 4.01.02
7.5
CVSSv2
CVE-2007-4028
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote malicious users to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information.
Webspell Webspell 4.01.02
4.3
CVSSv2
CVE-2008-1481
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.1.2 allows remote malicious users to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Webspell Webspell 4.1.2
1 EDB exploit
6.8
CVSSv2
CVE-2007-1019
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote malicious users to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
Webspell Webspell 4.01.02
1 EDB exploit
10
CVSSv2
CVE-2007-1160
webSPELL 4.0, and possibly later versions, allows remote malicious users to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
Webspell Webspell 4.0
4.3
CVSSv2
CVE-2009-1408
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote malicious users to inject arbitrary web script or HTML allows remote malicious users to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated u...
Webspell Webspell 4.2.0c
1 EDB exploit
4.3
CVSSv2
CVE-2008-0574
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote malicious users to inject arbitrary web script or HTML via the sort parameter in a whoisonline action.
Webspell Webspell 4.01.02
1 EDB exploit
7.5
CVSSv2
CVE-2010-4861
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote malicious users to execute arbitrary SQL commands via the search parameter.
Webspell Webspell 4.2.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »