Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
campaign vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2008-7093
Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote malicious users to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to ...
Unica Affinium Campaign 7.2.1.0.55
5
CVSSv2
CVE-2008-7094
Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote malicious users to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure.
Unica Affinium Campaign 7.2.1.0.55
NA
CVE-2023-5098
The Campaign Monitor Forms by Optin Cat WordPress plugin prior to 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS.
Fatcatapps Campaign Monitor Optin Cat
5.4
CVSSv2
CVE-2014-7000
The Paul Alexander Campaign (aka hr.apps.n51261427) application 4.5.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Paulalexanderformayor Paul Alexander Campaign 4.5.8
4.3
CVSSv2
CVE-2013-3263
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote malicious users to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3)...
Smackcoders Wp Ultimate Email Marketer Plugin
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.3
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.2
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.1
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.0
4.3
CVSSv2
CVE-2022-1407
The VikBooking Hotel Booking Engine & PMS WordPress plugin prior to 1.5.8 does not have CSRF check in place when adding a tracking campaign, and does not escape the campaign fields when outputting them In attributes. As a result, attackers could make a logged in admin add tra...
Vikwp Hotel Booking Engine \\& Pms
6.5
CVSSv2
CVE-2017-6576
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.
Mail-masta Project Mail-masta 1.0
6.5
CVSSv2
CVE-2017-6570
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
Mail-masta Project Mail-masta 1.0
3.5
CVSSv2
CVE-2020-36398
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
Phplist Phplist
6.4
CVSSv2
CVE-2013-3264
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote malicious users to modify list or campaign data.
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.3
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.2
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.1
Smackcoders Wp Ultimate Email Marketer Plugin 1.0.0
Smackcoders Wp Ultimate Email Marketer Plugin
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »