Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web-app.org webapp vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2007-3424
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP prior to 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
Web-app.org Webapp
383
VMScore
CVE-2007-1174
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP prior to 20070214 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party i...
Web-app.org Webapp
383
VMScore
CVE-2007-1176
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP prior to 0.9.9.5 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics L...
Web-app.org Webapp
668
VMScore
CVE-2007-1178
WebAPP prior to 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
Web-app.org Webapp
383
VMScore
CVE-2007-1180
WebAPP prior to 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
Web-app.org Webapp
668
VMScore
CVE-2007-1183
WebAPP prior to 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
Web-app.org Webapp
383
VMScore
CVE-2007-3417
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP prior to 0.9.9.7 allow remote malicious users to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) pro...
Web-app.org Webapp
578
VMScore
CVE-2007-3418
The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP prior to 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.
Web-app.org Webapp
668
VMScore
CVE-2007-3419
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP prior to 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of me...
Web-app.org Webapp
668
VMScore
CVE-2007-3420
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP prior to 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote a...
Web-app.org Webapp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »