Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
click project click - vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2019-1010307
GLPI GLPI Product 9.3.1 is affected by: Cross Site Scripting (XSS). The impact is: All dropdown values are vulnerable to XSS leading to privilege escalation and executing js on admin. The component is: /glpi/ajax/getDropDownValue.php. The attack vector is: 1- User Create a ticket...
Glpi-project Glpi 9.3.1
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
153 Github repositories
9.8
CVSSv3
CVE-2014-3114
The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and previous versions for WordPress allows remote malicious users to execute arbitrary commands via the cmd parameter to functions/ezpz-archive-cmd.php.
Ezpz-one-click-backup Project Ezpz-one-click-backup
6.1
CVSSv3
CVE-2018-1000088
Doorkeeper version 2.1.0 up to and including 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will exe...
Doorkeeper Project Doorkeeper
6.1
CVSSv3
CVE-2015-3998
Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote malicious users to inject arbitrary web script or HTML via the query parameter to whois.php.
Clickfraud-monitoring Adsense-click-fraud-monitoring 1.7.5
Phpwhois Project Phpwhois 4.2.5
8.6
CVSSv3
CVE-2016-6368
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition due to the Snort process unexpectedly resta...
Cisco Firepower Management Center 6.0.0.0
Cisco Firepower Management Center 6.0.0
Cisco Firepower Management Center 6.0.0.1
Cisco Firepower Management Center 6.0.1
9.8
CVSSv3
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote malicious users to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu ph...
Click Project Click -
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
NA
CVE-2014-6294
Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and previous versions for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
External Links Click Statistics Project External Links Click Statistics
NA
CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and previous versions, 6 Update 41 and previous versions, and 5.0 Update 40 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (crash...
Oracle Jre 1.7.0
Oracle Jre
Sun Jre 1.5.0
Oracle Jre 1.5.0
Sun Jdk 1.6.0
Oracle Jdk 1.6.0
Oracle Jdk
Sun Jre 1.6.0
Oracle Jre 1.6.0
Sun Jdk 1.5.0
Oracle Jdk 1.5.0
Oracle Jdk 1.7.0
1 EDB exploit
3 Articles
NA
CVE-2008-5500
The layout engine in Mozilla Firefox 3.x prior to 3.0.5 and 2.x prior to 2.0.0.19, Thunderbird 2.x prior to 2.0.0.19, and SeaMonkey 1.x prior to 1.1.14 allows remote malicious users to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to...
Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
Debian Debian Linux 5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »