Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web-app.org webapp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-1180
WebAPP prior to 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-1183
WebAPP prior to 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
Web-app.org Webapp
6
CVSSv2
CVE-2007-1831
web-app.org WebAPP prior to 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.
Web-app.org Webapp
5
CVSSv2
CVE-2007-1832
web-app.org WebAPP prior to 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms."
Web-app.org Webapp
4.3
CVSSv2
CVE-2007-3417
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP prior to 0.9.9.7 allow remote malicious users to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) pro...
Web-app.org Webapp
6.5
CVSSv2
CVE-2007-3418
The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP prior to 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-3419
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP prior to 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of me...
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-3420
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP prior to 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote a...
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-3421
The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP prior to 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact...
Web-app.org Webapp
7.5
CVSSv2
CVE-2007-3422
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP prior to 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unk...
Web-app.org Webapp
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »