Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-0371
Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the type parameter.
Sitexs Cms Sitexs Cms
Sitexs Cms Sitexs Cms 0.1
1 EDB exploit
NA
CVE-2006-1223
Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.
Jupiter Cms Jupiter Cms 1.1.4
Jupiter Cms Jupiter Cms
1 EDB exploit
NA
CVE-2010-0984
Acidcat CMS 3.5.3 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
Acidcat Acidcat Cms 3.4.0
Acidcat Acidcat Cms
Acidcat Acidcat Cms 2.1.13
Acidcat Acidcat Cms 2.1.12
Acidcat Acidcat Cms 3.5.2
Acidcat Acidcat Cms 3.5.1
Acidcat Acidcat Cms 3.5.0
Acidcat Acidcat Cms 2.1.11
Acidcat Acidcat Cms 3.3.5
Acidcat Acidcat Cms 3.4.2
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
4.7
CVSSv3
CVE-2016-2784
CMS Made Simple 2.x prior to 2.1.3 and 1.x prior to 1.12.2, when Smarty Cache is activated, allow remote malicious users to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
Cmsmadesimple Cms Made Simple 2.1.1
Cmsmadesimple Cms Made Simple 2.1
Cmsmadesimple Cms Made Simple 1.11.11
Cmsmadesimple Cms Made Simple 1.11.10
Cmsmadesimple Cms Made Simple 1.11.3
Cmsmadesimple Cms Made Simple 1.11.2.1
Cmsmadesimple Cms Made Simple 1.10
Cmsmadesimple Cms Made Simple 1.9.4.3
Cmsmadesimple Cms Made Simple 1.9.4.2
Cmsmadesimple Cms Made Simple 1.6.10
Cmsmadesimple Cms Made Simple 1.6.9
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6.6
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.5.2
Cmsmadesimple Cms Made Simple 1.2.5
Cmsmadesimple Cms Made Simple 1.2.4
Cmsmadesimple Cms Made Simple 1.1.2
Cmsmadesimple Cms Made Simple 1.1.1
Cmsmadesimple Cms Made Simple 1.0.2
Cmsmadesimple Cms Made Simple 1.0.1
Cmsmadesimple Cms Made Simple 1.12.1
1 EDB exploit
NA
CVE-2012-1992
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
Cmsmadesimple Cms Made Simple
Cmsmadesimple Cms Made Simple 1.10.2
Cmsmadesimple Cms Made Simple 1.9.2
Cmsmadesimple Cms Made Simple 1.9
Cmsmadesimple Cms Made Simple 1.0
Cmsmadesimple Cms Made Simple 1.6.5
Cmsmadesimple Cms Made Simple 1.6.6
Cmsmadesimple Cms Made Simple 1.5.2
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.1.4.1
Cmsmadesimple Cms Made Simple 1.1.1
Cmsmadesimple Cms Made Simple 1.4.1
Cmsmadesimple Cms Made Simple 1.6.8
Cmsmadesimple Cms Made Simple 1.2
Cmsmadesimple Cms Made Simple 1.1
Cmsmadesimple Cms Made Simple 1.0.5
Cmsmadesimple Cms Made Simple 1.2.2
Cmsmadesimple Cms Made Simple 0.1
Cmsmadesimple Cms Made Simple 0.6
Cmsmadesimple Cms Made Simple 0.7.1
Cmsmadesimple Cms Made Simple 0.2.1
Cmsmadesimple Cms Made Simple 0.10.2
9.9
CVSSv3
CVE-2020-7357
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. Thi...
Cayintech Cms-se Firmware 11.0
Cayintech Cms-se-lxc Firmware -
Cayintech Cms-60 Firmware 11.0
Cayintech Cms-40 Firmware 9.0
Cayintech Cms-20 Firmware 9.0
Cayintech Cms 7.5
Cayintech Cms 8.0
Cayintech Cms 8.2
NA
CVE-2012-1834
Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin prior to 0.8.9 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-gener...
Cms Tree Page View Project Cms Tree Page View 0.8.3
Cms Tree Page View Project Cms Tree Page View 0.8.2
Cms Tree Page View Project Cms Tree Page View 0.7.16
Cms Tree Page View Project Cms Tree Page View 0.7.15
Cms Tree Page View Project Cms Tree Page View 0.7.8
Cms Tree Page View Project Cms Tree Page View 0.7.7
Cms Tree Page View Project Cms Tree Page View 0.6.3
Cms Tree Page View Project Cms Tree Page View 0.6.2
Cms Tree Page View Project Cms Tree Page View 0.5.3
Cms Tree Page View Project Cms Tree Page View 0.5.2
Cms Tree Page View Project Cms Tree Page View 0.4.5
Cms Tree Page View Project Cms Tree Page View 0.4.4
Cms Tree Page View Project Cms Tree Page View 0.1a
Cms Tree Page View Project Cms Tree Page View 0.8.1
Cms Tree Page View Project Cms Tree Page View 0.8
Cms Tree Page View Project Cms Tree Page View 0.7.14
Cms Tree Page View Project Cms Tree Page View 0.7.13
Cms Tree Page View Project Cms Tree Page View 0.7.6
Cms Tree Page View Project Cms Tree Page View 0.7.5
Cms Tree Page View Project Cms Tree Page View 0.6.1
Cms Tree Page View Project Cms Tree Page View 0.6
Cms Tree Page View Project Cms Tree Page View 0.5.1
NA
CVE-2010-0989
Directory traversal vulnerability in delete.php in Pulse CMS prior to 1.2.3 allows remote authenticated users to delete arbitrary files via directory traversal sequences in the f parameter.
Pulsecms Pulse Cms 1.2
Pulsecms Pulse Cms 1.18
Pulsecms Pulse Cms
Pulsecms Pulse Cms 1.2.1
Pulsecms Pulse Cms 1.01
Pulsecms Pulse Cms 1.0
Pulsecms Pulse Cms 1.15
Pulsecms Pulse Cms 1.1
Pulsecms Pulse Cms 1.17
Pulsecms Pulse Cms 1.16
NA
CVE-2010-0988
Multiple unspecified vulnerabilities in Pulse CMS prior to 1.2.3 allow (1) remote malicious users to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to w...
Pulsecms Pulse Cms 1.17
Pulsecms Pulse Cms 1.16
Pulsecms Pulse Cms 1.2
Pulsecms Pulse Cms 1.18
Pulsecms Pulse Cms
Pulsecms Pulse Cms 1.2.1
Pulsecms Pulse Cms 1.0
Pulsecms Pulse Cms 1.15
Pulsecms Pulse Cms 1.1
Pulsecms Pulse Cms 1.01
NA
CVE-2006-3478
PHP remote file inclusion vulnerability in styles/default/global_header.php in MyPHP CMS 0.3 and previous versions, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the domain parameter.
Myphp Cms Myphp Cms 0.3
Myphp Cms Myphp Cms 0.3.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »