Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
answer answer vulnerabilities and exploits
(subscribe to this query)
655
VMScore
CVE-2009-1655
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.
Easy-scripts Answer And Question Script
1 EDB exploit
685
VMScore
CVE-2009-1663
Unrestricted file upload vulnerability in myaccount.php in Easy Scripts Answer and Question Script allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads/[username...
Easy-scripts Answer And Question Script
1 EDB exploit
755
VMScore
CVE-2009-1664
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote malicious users to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.
Easy-scripts Answer And Question Script
1 EDB exploit
645
VMScore
CVE-2009-1665
myaccount.php in Easy Scripts Answer and Question Script allows remote malicious users to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
Easy-scripts Answer And Question Script
1 EDB exploit
755
VMScore
CVE-2017-17871
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
Jextn Jextn Question And Answer 3.1.0
1 EDB exploit
445
VMScore
CVE-2012-4257
Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote malicious users to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message.
George Karpouzas Yet Another Question & Answer System 1.0
NA
CVE-2024-23349
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: up to and including 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted que...
NA
CVE-2024-29217
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: prior to 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, ...
NA
CVE-2024-22393
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: up to and including 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an...
1 Github repository
NA
CVE-2024-26578
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: up to and including 1.2.1. Repeated submission during registration resulted in the registration of the same user....
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »