Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2007-3422
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP prior to 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unk...
Web-app.org Webapp
668
VMScore
CVE-2007-3423
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP prior to 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, wh...
Web-app.org Webapp
668
VMScore
CVE-2007-3424
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP prior to 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
Web-app.org Webapp
NA
CVE-2022-39380
Wire web-app is part of Wire communications. Versions before 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error m...
Wire Wire-webapp
445
VMScore
CVE-2006-7186
cgi-lib/subs.pl in web-app.net WebAPP prior to 0.9.9.3.5 allows malicious users to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927.
Web-app.net Webapp
383
VMScore
CVE-2021-32683
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> open in new tab, or copy the URL and pas...
Wire Wire-webapp
383
VMScore
CVE-2006-7187
Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP prior to 20060909 allows remote malicious users to inject arbitrary web script or HTML via the srch variable.
Web-app.net Webapp
534
VMScore
CVE-2007-1831
web-app.org WebAPP prior to 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.
Web-app.org Webapp
445
VMScore
CVE-2007-1832
web-app.org WebAPP prior to 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms."
Web-app.org Webapp
383
VMScore
CVE-2007-1174
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP prior to 20070214 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party i...
Web-app.org Webapp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »