Vulmon
bugreport.ir vulnerabilities and exploits
NA
CVE-2007-6495
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an ...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
NA
CVE-2007-6496
Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote malicious users to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdo...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
NA
CVE-2007-6497
Hosting Controller 6.1 Hot fix 3.3 and previous versions (1) allows remote malicious users to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount ...
Hosting Controller Hosting Controller
1 EDB exploit
NA
CVE-2007-6499
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
Hosting Controller Hosting Controller
1 EDB exploit
NA
CVE-2007-6501
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
Hosting Controller Hosting Controller
1 EDB exploit
NA
CVE-2007-6504
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
Hosting Controller Hosting Controller
1 EDB exploit
NA
CVE-2008-6674
mailPage.asp in QuickerSite 1.8.5 allows remote malicious users to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-0546
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter ...
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2008-0547
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote malicious users to inject arbitrary web script or HTML via the helpfield parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2008-0737
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote malicious users to execute arbitrary SQL commands via the helpfield parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit