Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanilla vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-0526
Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forums prior to 2.0.17 allows remote malicious users to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action.
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.11
NA
CVE-2011-0909
Cross-site scripting (XSS) vulnerability in Vanilla Forums prior to 2.0.17.6 allows remote malicious users to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
Vanillaforums Vanilla 2.0.17.2
Vanillaforums Vanilla 2.0.17.3
Vanillaforums Vanilla 2.0.17.4
Vanillaforums Vanilla
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.17.1
Vanillaforums Vanilla 2.0.11
Vanillaforums Vanilla 2.0.16
Vanillaforums Vanilla 2.0.17
NA
CVE-2011-0910
The cookie implementation in Vanilla Forums prior to 2.0.17.6 makes it easier for remote malicious users to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks.
Vanillaforums Vanilla 2.0.10
Vanillaforums Vanilla 2.0.11
Vanillaforums Vanilla 2.0.12
Vanillaforums Vanilla 2.0.13
Vanillaforums Vanilla 2.0.17
Vanillaforums Vanilla 2.0.17.1
Vanillaforums Vanilla 2.0.17.2
Vanillaforums Vanilla 2.0.17.3
Vanillaforums Vanilla 2.0.15
Vanillaforums Vanilla 2.0.9
Vanillaforums Vanilla 2.0.17.4
Vanillaforums Vanilla 2.0.14
Vanillaforums Vanilla 2.0.16
Vanillaforums Vanilla
NA
CVE-2010-1337
Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote malicious users to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters.
Lussumo Vanilla 1.1.8
Lussumo Vanilla 1.1.7
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.1.1
Lussumo Vanilla
Lussumo Vanilla 1.1.9
Lussumo Vanilla 1.1.5
Lussumo Vanilla 1.1.4
Lussumo Vanilla 1.1.3
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1.0.2
Lussumo Vanilla 1.0.1
Lussumo Vanilla 1.1.6
Lussumo Vanilla 1.1
Lussumo Vanilla 1.0.3
1 EDB exploit
NA
CVE-2009-1845
Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote malicious users to inject arbitrary web script or HTML via the RequestName parameter.
Lussumo Vanilla 1.1.5
Lussumo Vanilla 1.1.7
1 EDB exploit
NA
CVE-2008-3874
Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details are obtained...
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.0.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1.1
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1
Lussumo Vanilla 1.1.3
Lussumo Vanilla 1.1.4
NA
CVE-2008-3760
Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and previous versions allows remote malicious users to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.
Lussumo Vanilla 1.0.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1
Lussumo Vanilla 1.1.3
Lussumo Vanilla
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1.1
NA
CVE-2008-3758
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and previous versions (1) allow remote malicious users to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web scr...
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1.1.2
Lussumo Vanilla 1.1.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1
Lussumo Vanilla 1.0.1
Lussumo Vanilla
1 EDB exploit
NA
CVE-2008-3759
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and previous versions has unknown impact and remote attack vectors.
Lussumo Vanilla 1.0.3
Lussumo Vanilla 1.1
Lussumo Vanilla 1.0.1
Lussumo Vanilla 1.0.2
Lussumo Vanilla 0.9.2
Lussumo Vanilla 1
Lussumo Vanilla 1.1.3
Lussumo Vanilla
Lussumo Vanilla 1.1.1
Lussumo Vanilla 1.1.2
NA
CVE-2007-5643
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Lussumo Vanilla
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »