Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerability-lab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4279
Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote malicious users to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php.
Rwcinc Free Realty 3.1-0.6
1 EDB exploit
NA
CVE-2012-4280
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote malicious users to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent.
Rwcinc Free Realty 3.1-0.6
1 EDB exploit
NA
CVE-2012-4281
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote malicious users to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid...
Itechscripts Travelon Express 6.2.2
1 EDB exploit
NA
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
NA
CVE-2008-0474
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote malicious users to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4...
Manageengine Applications Manager 8.1 Build 8100
1 EDB exploit
NA
CVE-2015-5150
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parame...
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
NA
CVE-2012-5919
Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) find or (2) replace fields to havalite/findReplace.php; (3) username parameter to havalite/hava_login.php, (...
Havalite Cms
1 EDB exploit
NA
CVE-2012-6509
Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote malicious users to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.
Netartmedia Car Portal 3.0
1 EDB exploit
NA
CVE-2012-3839
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote malicious users to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
Myclientbase Myclientbase 0.12
1 EDB exploit
NA
CVE-2013-1471
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail prior to 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote malicious users to inject arbitrary web script or HTML via (1) the Add field for the B...
Fortinet Fortimail
Fortinet Fortimail 3.0
Fortinet Fortimail 4.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »