Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
high-tech bridge vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-0984
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS prior to 2.5.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopse...
Xoops Xoops 2.5.2
Xoops Xoops 2.5.3
Xoops Xoops
Xoops Xoops 2.5.0
Xoops Xoops 2.5.1
3 EDB exploits
9.8
CVSSv3
CVE-2012-5878
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 up to and including 0.1.4 allows remote malicious users to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath paramete...
Bulbsecurity Smartphone Pentest Framework
1 EDB exploit
6.1
CVSSv3
CVE-2012-2517
Cross-site scripting (XSS) vulnerability in PrestaShop prior to 1.4.9 allows remote malicious users to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
Prestashop Prestashop
1 EDB exploit
NA
CVE-2010-3023
Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/view...
Hulihanapplications Diamondlist 0.1.6
2 EDB exploits
NA
CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject prior to 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] p...
Dotproject Dotproject
1 EDB exploit
NA
CVE-2012-5702
Multiple cross-site scripting (XSS) vulnerabilities in dotProject prior to 2.1.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name paramet...
Dotproject Dotproject
1 EDB exploit
NA
CVE-2013-4759
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x prior to 1.4.7 and 2.x prior to 2.0.2 for Magnolia CMS allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPub...
Magnolia-cms Magnolia Form Module 1.4.5
Magnolia-cms Magnolia Form Module 1.4.6
Magnolia-cms Magnolia Form Module 2.0
Magnolia-cms Magnolia Form Module 2.0.1
Magnolia-cms Magnolia Form Module 1.4
Magnolia-cms Magnolia Form Module 1.4.1
Magnolia-cms Magnolia Form Module 1.4.2
Magnolia-cms Magnolia Form Module 1.4.3
Magnolia-cms Magnolia Form Module 1.4.4
1 EDB exploit
NA
CVE-2011-5258
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM prior to 2.6.11.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
Orangehrm Orangehrm 2.6.7
Orangehrm Orangehrm 2.6.6
Orangehrm Orangehrm 2.6.0.1
Orangehrm Orangehrm
Orangehrm Orangehrm 2.6.5
Orangehrm Orangehrm 2.6.4
Orangehrm Orangehrm 2.6.8.1
Orangehrm Orangehrm 2.6.8
Orangehrm Orangehrm 2.6.1
Orangehrm Orangehrm 2.6.0
Orangehrm Orangehrm 2.6.10
Orangehrm Orangehrm 2.6.9
Orangehrm Orangehrm 2.6.3
Orangehrm Orangehrm 2.6.2
2 EDB exploits
NA
CVE-2013-7219
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component prior to 1.0.9 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the answer_id[] parameter.
2glux Com Sexypolling
2glux Com Sexypolling 1.0.1
2glux Com Sexypolling 0.9.7
2glux Com Sexypolling 1.0.5
2glux Com Sexypolling 1.0.4
2glux Com Sexypolling 0.9.4
2glux Com Sexypolling 0.9.2
2glux Com Sexypolling 1.0.3
2glux Com Sexypolling 1.0.2
2glux Com Sexypolling 0.9.1
2glux Com Sexypolling 1.0.7
2glux Com Sexypolling 1.0.6
2glux Com Sexypolling 0.9.6
2glux Com Sexypolling 0.9.5
1 EDB exploit
NA
CVE-2014-5097
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and previous versions allow remote malicious users to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
Freereprintables Articlefr
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »