Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerability-lab vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-2909
Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar.
Viscacha Viscacha 0.8.1.1
1 EDB exploit
NA
CVE-2012-2938
Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote malicious users to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
Itechscripts Travelon Express 6.2.2
1 EDB exploit
NA
CVE-2012-2939
Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
Itechscripts Travelon Express 6.2.2
1 EDB exploit
NA
CVE-2012-4992
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
Flashfxp Flashfxp 4.2
1 EDB exploit
NA
CVE-2015-5149
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
NA
CVE-2015-5150
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parame...
Zohocorp Manageengine Supportcenter Plus 7.90
1 EDB exploit
NA
CVE-2010-4980
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote malicious users to execute arbitrary SQL commands via the pid parameter.
Iscripts Reservelogic 1.0
2 EDB exploits
NA
CVE-2012-1226
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote malicious users to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/ac...
Dolibarr Dolibarr Erp\\/crm 3.2.0
2 EDB exploits
8.8
CVSSv3
CVE-2019-14422
An issue exists in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?pa...
Tortoisesvn Tortoisesvn 1.12.1
1 EDB exploit
7.8
CVSSv3
CVE-2018-5282
Kentico 9.0 up to and including 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, read...
Kentico Kentico Cms
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »