Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ajax vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-4972
Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and previous versions for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-c...
Ajax Upload For Gravity Forms Project Ajax Upload For Gravity Forms
NA
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager prior to 1.1, as used in tinymce prior to 1.4.2, phpMyFAQ 2.6 prior to 2.6.19 and 2.7 prior to 2.7.1, and possibly other products, allows remote malicious users to inject arbitrary PHP cod...
Phpletter Ajax File And Image Manager 1.0
Phpmyfaq Phpmyfaq 2.6.4
Tinymce Tinymce
Phpletter Ajax File And Image Manager 0.8.8
Phpmyfaq Phpmyfaq 2.6.14
Phpletter Ajax File And Image Manager 0.7.8
Phpmyfaq Phpmyfaq 2.6.5
Phpmyfaq Phpmyfaq 2.6.2
Phpletter Ajax File And Image Manager 0.8.9
Phpmyfaq Phpmyfaq 2.6.16
Phpmyfaq Phpmyfaq 2.6.7
Phpmyfaq Phpmyfaq 2.7.0
Phpletter Ajax File And Image Manager 0.7.10
Phpletter Ajax File And Image Manager 0.5
Phpletter Ajax File And Image Manager 0.8
Phpletter Ajax File And Image Manager 0.6.12
Phpmyfaq Phpmyfaq 2.6.13
Phpmyfaq Phpmyfaq 2.6.9
Phpmyfaq Phpmyfaq 2.6.1
Phpletter Ajax File And Image Manager 0.8.24
Phpmyfaq Phpmyfaq 2.6.17
Phpletter Ajax File And Image Manager
6 EDB exploits
NA
CVE-2007-1851
Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php.
Really Simple Php And Ajax Really Simple Php And Ajax 2007-03-23
1 EDB exploit
9.8
CVSSv3
CVE-2021-41472
SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows malicious users to execute arbitrary SQL commands via the username and password parameters.
Simple Membership System Using Php And Ajax Project Simple Membership System Using Php And Ajax 1.0
NA
CVE-2006-5312
PHP remote file inclusion vulnerability in shoutbox.php in the Ajax Shoutbox 0.0.5 and previous versions module for phpBB allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Phpbb Ajax Shoutbox
1 EDB exploit
4.7
CVSSv3
CVE-2017-20188
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross sit...
Zimbra Zm-ajax
NA
CVE-2006-3345
Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and previous versions, allows remote malicious users to inject arbitrary web script or HTML via a chat line.
Ajax Softwares Alipager
5.4
CVSSv3
CVE-2023-47810
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions.
Asdqwedev Ajax Domain Checker
5.4
CVSSv3
CVE-2023-50874
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll – Ajax Load More allows Stored XSS.This issue affects WordPress Infinite Scroll – Ajax Load More: from n/a up to and...
Connekthq Ajax Load More
4.9
CVSSv3
CVE-2022-2943
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated atta...
Connekthq Ajax Load More
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »