Vulmon
smarty vulnerabilities and exploits
6
CVSSv2
CVE-2008-3325
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x prior to 1.6.7 and 1.7.x prior to 1.7.5 allows remote malicious users to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
Moodle Moodle
Debian Debian Linux 4.0
2.6
CVSSv2
CVE-2008-3326
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x prior to 1.6.7 and 1.7.x prior to 1.7.5 allows remote malicious users to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
Moodle Moodle 1.6.0
Moodle Moodle 1.6.1
Moodle Moodle 1.6.2
Moodle Moodle 1.7.2
Moodle Moodle 1.7.3
Moodle Moodle 1.6.3
Moodle Moodle 1.6.4
Moodle Moodle 1.7.4
Moodle Moodle 1.6.5
Moodle Moodle 1.6.6
Moodle Moodle 1.7.1
7.5
CVSSv2
CVE-2008-2520
Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) syst...
Bigace Bigace 2.4
1 EDB exploit
4.3
CVSSv2
CVE-2008-1502
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare prior to 1.4.003, Moodle prior to 1.8.5, and other products, allows remote malicious users to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string contai...
Moodle Moodle 1.8.1
Moodle Moodle 1.6.7
Moodle Moodle 1.5.0
Moodle Moodle 1.5.3
Moodle Moodle 1.4.2
Moodle Moodle 1.4.1
Moodle Moodle 1.2.0
Moodle Moodle 1.1.1
Moodle Moodle
Moodle Moodle 1.7.4
Moodle Moodle 1.7.3
Moodle Moodle 1.6.4
Moodle Moodle 1.6.3
Moodle Moodle 1.6.2
Moodle Moodle 1.5
Moodle Moodle 1.4.5
Moodle Moodle 1.3.2
Moodle Moodle 1.3.1
Egroupware Egroupware 1.0.3
Egroupware Egroupware 1.0.1
Moodle Moodle 1.7.6
Moodle Moodle 1.7.5
7.5
CVSSv2
CVE-2008-1066
The modifier.regex_replace.php plugin in Smarty prior to 2.6.19, as used by Serendipity (S9Y) and other products, allows malicious users to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
Smarty Smarty
4.3
CVSSv2
CVE-2007-3555
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote malicious users to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
Moodle Moodle 1.7.1
1 EDB exploit
5
CVSSv2
CVE-2007-3171
Uebimiau Webmail allows remote malicious users to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
Uebimiau Uebimiau 2.7.10
Uebimiau Uebimiau 2.7.2
Uebimiau Uebimiau 2.7.9
1 EDB exploit
7.5
CVSSv2
CVE-2007-2608
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote malicious users to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
Miplex2 Miplex2 Alpha 1
1 EDB exploit
7.5
CVSSv2
CVE-2007-2326
Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote malicious users to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4)...
Goldcoders Hyip Manager Pro
1 EDB exploit
7.5
CVSSv2
CVE-2007-2021
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_...
Pineapple Technologies Lore 1.0