Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2008-2864
eLineStudio Site Composer (ESC) 2.6 and previous versions allows remote malicious users to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.
Elinestudio Site Composer 2.5
Elinestudio Site Composer
1 EDB exploit
6.4
CVSSv2
CVE-2008-2878
Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.
Yektaweb Academic Web Tools
1 EDB exploit
7.8
CVSSv2
CVE-2008-0427
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Bloo Bloofoxcms 0.3
1 EDB exploit
7.5
CVSSv2
CVE-2008-0428
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
Bloofoxcms Bloofoxcms 0.3
1 EDB exploit
4.3
CVSSv2
CVE-2008-0547
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote malicious users to inject arbitrary web script or HTML via the helpfield parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
5
CVSSv2
CVE-2008-0736
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote malicious users to obtain the path via a certain value of the FedExAccount parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
7.5
CVSSv2
CVE-2008-0737
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote malicious users to execute arbitrary SQL commands via the helpfield parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
7.5
CVSSv2
CVE-2008-3955
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.
Masir Camp E-shop Module
1 EDB exploit
7.5
CVSSv2
CVE-2007-6240
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote malicious users to execute arbitrary SQL commands via the BuildTime parameter.
Snitz Communications Snitz Forums 2000 3.4.06
1 EDB exploit
10
CVSSv2
CVE-2007-6494
Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote malicious users to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSk...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »