Vulmon
egix vulnerabilities and exploits
NA
CVE-2014-5297
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 up to and including 4.1.7 allows remote malicious users to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.
X2engine X2engine 4.1.7
X2engine X2engine 2.8
NA
CVE-2008-2686
webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and previous versions allows remote malicious users to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request...
Flux Cms Flux Cms 1.3
Flux Cms Flux Cms 1.31
Flux Cms Flux Cms 1.4
Flux Cms Flux Cms
Flux Cms Flux Cms 1.2
1 EDB exploit
NA
CVE-2008-2742
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 up to and including 1.3.2 allows remote malicious users to execute arbitrary code by uploading a file with .php followed by a safe ex...
Achievo Achievo 1.2.0
Achievo Achievo 1.2.1
Achievo Achievo 1.3.0
Achievo Achievo 1.3.1
Achievo Achievo 1.3.2
1 EDB exploit
NA
CVE-2012-1125
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin prior to 1.2 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the fi...
Kishore Asokan Kish Guest Posting Plugin
Kishore Asokan Kish Guest Posting Plugin 1.0
1 EDB exploit
NA
CVE-2008-5967
admin/index.php in PHP iCalendar 2.3.4, 2.24, and previous versions does not require administrative authentication for an addupdate action, which allows remote malicious users to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web ...
Phpicalendar Phpicalendar 0.9
Phpicalendar Phpicalendar 0.8
Phpicalendar Phpicalendar 0.9.5
Phpicalendar Phpicalendar 2.0
Phpicalendar Phpicalendar 2.23
Phpicalendar Phpicalendar 1.1
Phpicalendar Phpicalendar 1.0
Phpicalendar Phpicalendar 2.21
Phpicalendar Phpicalendar 2.22
Phpicalendar Phpicalendar 0.7
Phpicalendar Phpicalendar 2.1
Phpicalendar Phpicalendar 2.2
Phpicalendar Phpicalendar 2.0c
Phpicalendar Phpicalendar 2.0.1
Phpicalendar Phpicalendar 2.24
Phpicalendar Phpicalendar
1 EDB exploit
NA
CVE-2009-0820
Multiple eval injection vulnerabilities in phpScheduleIt prior to 1.2.11 allow remote malicious users to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is al...
Php.brickhost Phpscheduleit 1.0
Php.brickhost Phpscheduleit 1.0.0rc1
Php.brickhost Phpscheduleit 1.0 Rc1
Php.brickhost Phpscheduleit 1.2.0
Php.brickhost Phpscheduleit 1.2.7
Php.brickhost Phpscheduleit 1.2.9
Php.brickhost Phpscheduleit 1.2.2
Php.brickhost Phpscheduleit 1.2.3
Php.brickhost Phpscheduleit 1.2.4
Php.brickhost Phpscheduleit 1.2.5
Php.brickhost Phpscheduleit 1.2.1
Php.brickhost Phpscheduleit 1.2.6
Php.brickhost Phpscheduleit 1.2.8
Php.brickhost Phpscheduleit
1 EDB exploit
NA
CVE-2008-6475
SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and previous versions allows remote malicious users to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.
Drake Team Drake Cms
Drake Team Drake Cms 0.2
1 EDB exploit
9.8
CVSSv3
CVE-2014-3990
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and previous versions allows remote malicious users to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External Entity (XXE) attacks and execute arbitrary code via a crafted ser...
Opencart Opencart
6.1
CVSSv3
CVE-2015-7711
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the h parameter.
Atutor Atutor
NA
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik prior to 2.15.0 allows remote malicious users to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.
Matomo Matomo