Vulmon
webapp vulnerabilities and exploits
383
VMScore
CVE-2006-7189
Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP prior to 20060403 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.
Web-app.net Webapp 0.9.9.6
668
VMScore
CVE-2007-1829
Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too."
Web-app.net Webapp 0.9.9.6
383
VMScore
CVE-2007-1830
Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote malicious users to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch",...
Web-app.org Webapp 0.9.9.6
187
VMScore
CVE-2014-5449
Zarafa WebAccess 4.1 and WebApp use world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Zarafa Webaccess 4.1
Zarafa Webapp -
465
VMScore
CVE-2005-1707
The fn_show_postinst function in Gentoo webapp-config prior to 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
Gentoo Linux Webapp-config 1.10
1 EDB exploit
445
VMScore
CVE-2019-9105
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&a...
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
668
VMScore
CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
187
VMScore
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Zarafa Zarafa 7.1.10
Zarafa Webapp 1.6
445
VMScore
CVE-2013-5532
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote malicious users to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.
Cisco Unified Ip Phones 9900 Series Firmware -
Cisco Unified Ip Phone 9951
Cisco Unified Ip Phone 9971
187
VMScore
CVE-2014-0103
WebAccess in Zarafa prior to 7.1.10 and WebApp prior to 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Fedoraproject Fedora 19
Zarafa Zarafa 7.0.10
Zarafa Zarafa 7.0.12
Zarafa Zarafa 7.0.7
Zarafa Zarafa 7.0.9
Zarafa Webapp
Zarafa Zarafa
Zarafa Zarafa 7.0
Zarafa Zarafa 7.0.1
Zarafa Zarafa 7.1.1
Zarafa Zarafa 7.0.2
Zarafa Zarafa 7.0.3
Zarafa Zarafa 7.0.4
Zarafa Zarafa 7.0.5
Zarafa Zarafa 7.1.2
Zarafa Zarafa 7.1.3
Zarafa Zarafa 7.1.4
Fedoraproject Fedora 20
Zarafa Zarafa 7.0.11
Zarafa Zarafa 7.0.13
Zarafa Zarafa 7.0.6
Zarafa Zarafa 7.0.8