Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-1830
Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote malicious users to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch",...
Web-app.org Webapp 0.9.9.6
5
CVSSv2
CVE-2006-7188
The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP prior to 20060909 allows remote malicious users to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.
Web-app.net Webapp 0.9.9.6
5
CVSSv2
CVE-2004-1742
Directory traversal vulnerability in WebAPP 0.9.9 allows remote malicious users to view arbitrary files via a .. (dot dot) in the viewcat parameter.
Web-app.org Webapp 0.9.9
1 EDB exploit
4.6
CVSSv2
CVE-2005-1707
The fn_show_postinst function in Gentoo webapp-config prior to 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
Gentoo Linux Webapp-config 1.10
1 EDB exploit
2.1
CVSSv2
CVE-2014-5449
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Zarafa Webaccess 4.1
Zarafa Webapp -
7.5
CVSSv2
CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
5
CVSSv2
CVE-2019-9105
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&a...
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
2.1
CVSSv2
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Zarafa Zarafa 7.1.10
Zarafa Webapp 1.6
5
CVSSv2
CVE-2013-5532
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote malicious users to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.
Cisco Unified Ip Phones 9900 Series Firmware -
Cisco Unified Ip Phone 9951
Cisco Unified Ip Phone 9971
2.1
CVSSv2
CVE-2014-0103
WebAccess in Zarafa prior to 7.1.10 and WebApp prior to 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Fedoraproject Fedora 19
Zarafa Zarafa 7.0.10
Zarafa Zarafa 7.0.12
Zarafa Zarafa 7.0.7
Zarafa Zarafa 7.0.9
Zarafa Webapp
Zarafa Zarafa
Zarafa Zarafa 7.0
Zarafa Zarafa 7.0.1
Zarafa Zarafa 7.1.1
Zarafa Zarafa 7.0.2
Zarafa Zarafa 7.0.3
Zarafa Zarafa 7.0.4
Zarafa Zarafa 7.0.5
Zarafa Zarafa 7.1.2
Zarafa Zarafa 7.1.3
Zarafa Zarafa 7.1.4
Fedoraproject Fedora 20
Zarafa Zarafa 7.0.11
Zarafa Zarafa 7.0.13
Zarafa Zarafa 7.0.6
Zarafa Zarafa 7.0.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »