bugreport.ir vulnerabilities and exploits
6.5
CVSSv2
CVE-2007-6495
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an ...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
7.5
CVSSv2
CVE-2007-6497
Hosting Controller 6.1 Hot fix 3.3 and previous versions (1) allows remote malicious users to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount ...
Hosting Controller Hosting Controller
1 EDB exploit
7.5
CVSSv2
CVE-2007-6498
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and previous versions allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
5.5
CVSSv2
CVE-2007-6499
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
Hosting Controller Hosting Controller
1 EDB exploit
4.9
CVSSv2
CVE-2007-6500
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
Hosting Controller Hosting Controller
1 EDB exploit
5.5
CVSSv2
CVE-2007-6501
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
Hosting Controller Hosting Controller
1 EDB exploit
5.5
CVSSv2
CVE-2007-6502
Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using ...
Hosting Controller Hosting Controller
1 EDB exploit
5.5
CVSSv2
CVE-2007-6504
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
Hosting Controller Hosting Controller
1 EDB exploit
7.5
CVSSv2
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote malicious users to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
Bitweaver R2 Cms
1 EDB exploit
4.3
CVSSv2
CVE-2008-2967
Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlare...
Yektaweb Academic Web Tools
1 EDB exploit