Vulmon
articles vulnerabilities and exploits
4.3
CVSSv2
CVE-2006-3103
Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote malicious users to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.
Bitweaver Bitweaver 1.3
1 EDB exploit
5
CVSSv2
CVE-2008-0329
LulieBlog 1.0.1 and 1.0.2 do not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote malicious users to accept comments, delete comments, and delete articles via the id parameter.
Julien Plesniak Lulieblog 1.0.1
Julien Plesniak Lulieblog 1.0.2
1 EDB exploit
NA
CVE-2023-27160
Forem up to v2022.11.11 contains a Server-Side Request Forgery (SSRF) vulnerability via the component /articles/{id}. This vulnerability allows malicious users to access network resources and sensitive information via a crafted POST request.
Forem Forem
3.5
CVSSv2
CVE-2010-4760
Open Ticket Request System (OTRS) prior to 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
Otrs Otrs 2.1.1
Otrs Otrs 2.2.6
Otrs Otrs 2.2.4
Otrs Otrs 2.2.8
Otrs Otrs 2.2.0
Otrs Otrs 1.3.2
Otrs Otrs 2.2.1
Otrs Otrs 2.0.0
Otrs Otrs 0.5
Otrs Otrs 1.0
Otrs Otrs 2.1.7
Otrs Otrs 1.3.1
Otrs Otrs 1.2.1
Otrs Otrs 1.2.2
Otrs Otrs 1.2.3
Otrs Otrs 1.3.0
Otrs Otrs 2.4.4
Otrs Otrs 2.4.5
Otrs Otrs 2.3.5
Otrs Otrs 2.4.6
Otrs Otrs 2.1.5
Otrs Otrs 2.3.1
7.5
CVSSv2
CVE-2007-6577
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote malicious users to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.
Zsuite Zblog 1.2
1 EDB exploit
3.5
CVSSv2
CVE-2022-25582
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.
Classcms Project Classcms
1 GitHub repository
5
CVSSv2
CVE-2003-0744
The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote malicious users to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input.
Leafnode Leafnode 1.9.23
Leafnode Leafnode 1.9.24
Leafnode Leafnode 1.9.36
Leafnode Leafnode 1.9.37
Leafnode Leafnode 1.9.19
Leafnode Leafnode 1.9.20
Leafnode Leafnode 1.9.27
Leafnode Leafnode 1.9.29
Leafnode Leafnode 1.9.30
Leafnode Leafnode 1.9.40
Leafnode Leafnode 1.9.41
Leafnode Leafnode 1.9.25
Leafnode Leafnode 1.9.26
Leafnode Leafnode 1.9.38
Leafnode Leafnode 1.9.39
Leafnode Leafnode 1.9.21
Leafnode Leafnode 1.9.22
Leafnode Leafnode 1.9.31
Leafnode Leafnode 1.9.35
4
CVSSv2
CVE-2007-3017
The WYSIWYG editor applet in activeWeb contentserver CMS prior to 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edi...
Activeweb Contentserver
1 EDB exploit
4
CVSSv2
CVE-2022-1553
Leaking password protected articles content due to improper access control in GitHub repository publify/publify before 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidential...
Publify Project Publify
4.3
CVSSv2
CVE-2018-16833
Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI.
Zohocorp Manageengine Desktop Central 10.0.271