Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6673
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote malicious users to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; ...
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6675
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through def...
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-4364
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote malicious users to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
Parsagostar Parsaweb Cms
1 EDB exploit
NA
CVE-2008-6677
Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2007-6079
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using ...
Bcoos Bcoos 1.0.10
1 EDB exploit
NA
CVE-2008-2967
Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlare...
Yektaweb Academic Web Tools
1 EDB exploit
NA
CVE-2008-2969
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allows remote malicious users to read arbitrary files via a .. (dot dot) in the dfile parameter.
Yektaweb Academic Web Tools 1.4.3.1
Yektaweb Academic Web Tools
1 EDB exploit
NA
CVE-2008-0736
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote malicious users to obtain the path via a certain value of the FedExAccount parameter.
Shoppingtree Candypress Store 4.1.1.26
Shoppingtree Candypress Store 4.1
1 EDB exploit
NA
CVE-2009-0422
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and previous versions, when register_globals is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] paramet...
Tincan Phplist 2.4.0
Tincan Phplist 2.5.6
Tincan Phplist 2.10.6
Tincan Phplist 2.10.3
Tincan Phplist 1.6.1
Tincan Phplist 2.8.2
Tincan Phplist 1.9.0
Tincan Phplist 2.5.5
Tincan Phplist 1.6.0
Tincan Phplist 1.9.3
Tincan Phplist 1.6.3
Tincan Phplist 2.6.3
Tincan Phplist 2.1.0
Tincan Phplist 2.9.4
Tincan Phplist 2.3.1
Tincan Phplist 2.6.5
Tincan Phplist 2.9.3
Tincan Phplist 1.6.4
Tincan Phplist 2.6
Tincan Phplist 2.1.4
Tincan Phplist 2.5.7
Tincan Phplist 2.6.0
1 EDB exploit
NA
CVE-2008-0738
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous versions 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName ...
Shoppingtree Candypress Store 4.1.1.26
Shoppingtree Candypress Store
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »