Vulmon
book vulnerabilities and exploits
7.5
CVSSv2
CVE-2006-4580
register.php in The Address Book 1.04e allows remote malicious users to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".
The Address Book The Address Book 1.04e
5
CVSSv2
CVE-2006-4581
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote malicious users to upload arbitrary PHP scripts.
The Address Book The Address Book 1.04e
5
CVSSv2
CVE-2006-4582
Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote malicious users to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.
The Address Book The Address Book 1.04e
6.8
CVSSv2
CVE-2007-1059
PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote malicious users to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.
Ultimate Fun Book Ultimate Fun Book 1.02
1 EDB exploit
7.5
CVSSv2
CVE-2012-6652
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.
Page Flip Book Project Page Flip Book -
4.3
CVSSv2
CVE-2022-1842
The OpenBook Book Data WordPress plugin up to and including 3.5.2 does not have a CSRF check in place when updating its settings, which could allow malicious users to make a logged-in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of san...
Openbook Book Data Project Openbook Book Data
4.3
CVSSv2
CVE-2005-3037
Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote malicious users to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL.
Handy Address Book Handy Address Book Server 1.1
NA
CVE-2021-34249
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote malicious users to view sensitive information via the id parameter in the application URL.
Online Book Store Project Online Book Store 1.0
5
CVSSv2
CVE-2020-24115
In projectworlds Online Book Store 1.0, use of hard-coded credentials in the source code leads to admin panel access.
Online Book Store Project Online Book Store 1.0
7.5
CVSSv2
CVE-2005-0284
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote malicious users to execute arbitrary SQL commands via the user-agent parameter.
Woltlab Burning Book 1.0 Gold
Woltlab Burning Book 1.1.1e