Vulmon
ajax vulnerabilities and exploits
7.5
CVSSv2
CVE-2007-3684
Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar prior to 1.2.0 allow remote malicious users to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php.
Masuga Design Unobtrusive Ajax Star Rating Bar
2.6
CVSSv2
CVE-2007-3685
Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar prior to 1.2.0 allows remote malicious users to inject arbitrary web script or HTML via the q parameter.
Masuga Design Unobtrusive Ajax Star Rating Bar
7.5
CVSSv2
CVE-2007-3686
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar prior to 1.2.0 allows remote malicious users to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.
Masuga Design Unobtrusive Ajax Star Rating Bar
7.5
CVSSv2
CVE-2019-19790
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote malicious user to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in ...
Telerik Radchart
Telerik Ui For Asp.net Ajax -
7.5
CVSSv2
CVE-2017-9248
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity prior to 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote malicious users to defeat cryptographic pro...
Telerik Sitefinity Cms
Telerik Ui For Asp.net Ajax
1 EDB exploit
17 Github repositories
1 Article
2.6
CVSSv2
CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x prior to 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote malicious users to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage.
Richardo Ante Ubercart Ajax Cart 6.x-2.0
7.5
CVSSv2
CVE-2010-4365
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote malicious users to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.
Harmistechnology Com Jeajaxeventcalendar
2 EDB exploits
7.5
CVSSv2
CVE-2010-2513
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the view parameter to index.php.
Harmistechnology Com Jeajaxeventcalendar 1.0.5
2 EDB exploits
7.5
CVSSv2
CVE-2008-5653
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote malicious users to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third ...
Myiosoft.com Ajaxportal 3.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-1509
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Myiosoft Ajaxportal 3.0
1 EDB exploit