Vulmon
vulnerabilities and exploits
6.8
CVSSv2
CVE-2009-4385
Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote malicious users to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication ...
Scriptsez Ez Poll Hoster
1 EDB exploit
7.5
CVSSv2
CVE-2009-4386
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote malicious users to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
Bookingcentre Booking System For Hotels Group -
1 EDB exploit
4.3
CVSSv2
CVE-2009-4387
The cross-site scripting (XSS) protection mechanism in ShowInContentAreaAction.do in ManageEngine Password Manager Pro (PMP) prior to 6.1 Build 6104 uses case-sensitive checks for malicious inputs, which allows remote malicious users to inject arbitrary web script or HTML via the...
Manageengine Password Manager Pro 5.2
Manageengine Password Manager Pro 5.1
Manageengine Password Manager Pro 5.0
Manageengine Password Manager Pro 4.8
Manageengine Password Manager Pro 4.7
Manageengine Password Manager Pro
Manageengine Password Manager Pro 5.4
Manageengine Password Manager Pro 4.6
Manageengine Password Manager Pro 6.1
Manageengine Password Manager Pro 6.0
Manageengine Password Manager Pro 5.3
5
CVSSv2
CVE-2009-4389
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and previous versions for TYPO3 allows remote malicious users to obtain sensitive information via unknown attack vectors.
Robert Puntigam Aba Watchdog 2.0.1
Robert Puntigam Aba Watchdog
Robert Puntigam Aba Watchdog 2.0.0
6.8
CVSSv2
CVE-2019-14541
GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code.
Gnucobol Project Gnucobol 2.2
7.5
CVSSv2
CVE-2019-14544
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
Gogs Gogs 0.11.86
3.5
CVSSv2
CVE-2019-14547
An issue exists in EspoCRM prior to 5.6.9. Stored XSS was executed when an attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attachments. The attacker could injec...
Espocrm Espocrm
7.5
CVSSv2
CVE-2009-4392
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and previous versions for TYPO3 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Typo3 Xds Staff
3.5
CVSSv2
CVE-2019-14548
An issue exists in EspoCRM prior to 5.6.9. Stored XSS in the body of an Article was executed when a victim opens articles received through mail. This Article can be formed by an attacker using the Knowledge Base feature in the tab list. The attacker could inject malicious JavaScr...
Espocrm Espocrm
7.5
CVSSv2
CVE-2019-14551
Das Q prior to 2019-08-02 allows web sites to execute arbitrary code on client machines, as demonstrated by a cross-origin /install request with an attacker-controlled releaseUrl, which triggers download and execution of code within a ZIP archive.
Daskeyboard Das Q Software