Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
p1 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-4722
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) u...
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4724
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote malicious users to obtain potentially sensitive informatio...
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4728
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote malicious users to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message.
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4725
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmis...
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4726
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4723
Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the l parameter to track.aspx.
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
NA
CVE-2013-4727
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote malicious users to obtain sensitive information via a request to Admin/top.aspx.
Ddsn Cm3 Acora Content Management System 6.0.2/1a
Ddsn Cm3 Acora Content Management System 5.5.7/12b
Ddsn Cm3 Acora Content Management System 5.5.0/1b-p1
Ddsn Cm3 Acora Content Management System 6.0.6/1a
1 EDB exploit
NA
CVE-2006-1224
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote malicious users to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.
Guppy Guppy 4.5.10
Guppy Guppy 4.5.11
Guppy Guppy 2.4 P1
Guppy Guppy 4.5.4
Guppy Guppy 4.5.3a
Guppy Guppy 2.4 P3
Guppy Guppy 4.5.9
Guppy Guppy 4.5
Guppy Guppy 2.4
Guppy Guppy 4.5.3
Guppy Guppy 2.4 P4
1 EDB exploit
NA
CVE-2007-4305
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
Sysjail Sysjail
Systrace Systrace
Todd Miller Sudo 1.5.6
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.3p1
Todd Miller Sudo 1.6.3p2
Todd Miller Sudo 1.6.3p3
Todd Miller Sudo 1.6.3p4
Todd Miller Sudo 1.6.3p5
1 EDB exploit
NA
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and previous versions allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Todd Miller Sudo 1.6.3p1
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3p3
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.3p2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.4p1
Todd Miller Sudo 1.6.5p2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.3p4
Todd Miller Sudo 1.6.3p6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »