Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-7190
Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP prior to 20060515 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc.
Web-app.net Webapp 0.9.9.6
NA
CVE-2007-1829
Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too."
Web-app.net Webapp 0.9.9.6
NA
CVE-2007-1830
Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote malicious users to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch",...
Web-app.org Webapp 0.9.9.6
NA
CVE-2014-5449
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Zarafa Webaccess 4.1
Zarafa Webapp -
NA
CVE-2005-1707
The fn_show_postinst function in Gentoo webapp-config prior to 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
Gentoo Linux Webapp-config 1.10
1 EDB exploit
9.8
CVSSv3
CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
NA
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Zarafa Zarafa 7.1.10
Zarafa Webapp 1.6
7.5
CVSSv3
CVE-2019-9105
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&a...
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
NA
CVE-2013-5532
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote malicious users to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.
Cisco Unified Ip Phones 9900 Series Firmware -
Cisco Unified Ip Phone 9951
Cisco Unified Ip Phone 9971
NA
CVE-2014-0103
WebAccess in Zarafa prior to 7.1.10 and WebApp prior to 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Fedoraproject Fedora 19
Zarafa Zarafa 7.0.10
Zarafa Zarafa 7.0.12
Zarafa Zarafa 7.0.7
Zarafa Zarafa 7.0.9
Zarafa Webapp
Zarafa Zarafa
Zarafa Zarafa 7.0
Zarafa Zarafa 7.0.1
Zarafa Zarafa 7.1.1
Zarafa Zarafa 7.0.2
Zarafa Zarafa 7.0.3
Zarafa Zarafa 7.0.4
Zarafa Zarafa 7.0.5
Zarafa Zarafa 7.1.2
Zarafa Zarafa 7.1.3
Zarafa Zarafa 7.1.4
Fedoraproject Fedora 20
Zarafa Zarafa 7.0.11
Zarafa Zarafa 7.0.13
Zarafa Zarafa 7.0.6
Zarafa Zarafa 7.0.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »