Vulmon
egix vulnerabilities and exploits
5
CVSSv2
CVE-2016-2212
The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class in app/code/core/Mage/Rss/Helper/Order.php in Magento Enterprise Edition prior to 1.14.2.3 and Magento Community Edition prior to 1.9.2.3 allows remote malicious users to obtain sensitive order information via...
Magento Magento
3.5
CVSSv2
CVE-2020-17372
SugarCRM prior to 10.1.0 (Q3 2020) allows XSS.
Sugarcrm Sugarcrm
5.1
CVSSv2
CVE-2008-1856
plugins/maps/db_handler.php in LinPHA 1.3.3 and previous versions does not require authentication for a settings action that modifies the configuration file, which allows remote malicious users to conduct directory traversal attacks and execute arbitrary local files by placing di...
Linpha Linpha 0.9.1
Linpha Linpha 0.9.2
Linpha Linpha 0.9.3
Linpha Linpha 1.1.1
Linpha Linpha 1.2.0
Linpha Linpha 0.9.4
Linpha Linpha 1.0
Linpha Linpha 1.3.0
Linpha Linpha 1.3.1
Linpha Linpha 1.3.2
Linpha Linpha
Linpha Linpha 0.9.0
Linpha Linpha 1.1.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-2267
Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and previous versions allows remote malicious users to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5...
Cms Made Simple Cms Made Simple 1.2.4
1 EDB exploit
4.3
CVSSv2
CVE-2015-7711
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the h parameter.
Atutor Atutor
6.5
CVSSv2
CVE-2015-7712
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and previous versions allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
Atutor Atutor
7.5
CVSSv2
CVE-2007-6622
SQL injection vulnerability in security.php in ZeusCMS 0.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the Referer HTTP header.
Zeuscms Zeuscms
1 EDB exploit
7.5
CVSSv2
CVE-2008-2742
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 up to and including 1.3.2 allows remote malicious users to execute arbitrary code by uploading a file with .php followed by a safe ex...
Achievo Achievo 1.2.0
Achievo Achievo 1.2.1
Achievo Achievo 1.3.0
Achievo Achievo 1.3.1
Achievo Achievo 1.3.2
1 EDB exploit
7.5
CVSSv2
CVE-2011-4337
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 up to and including 3.65 allows remote malicious users to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
Sitracker Support Incident Tracker 3.6
Sitracker Support Incident Tracker 3.60
Sitracker Support Incident Tracker 3.61
Sitracker Support Incident Tracker 3.62
Sitracker Support Incident Tracker 3.45
Sitracker Support Incident Tracker 3.50
Sitracker Support Incident Tracker 3.64
Sitracker Support Incident Tracker 3.63
Sitracker Support Incident Tracker 3.51
Sitracker Support Incident Tracker 3.65
1 EDB exploit
6.8
CVSSv2
CVE-2015-8379
CakePHP 2.x and 3.x prior to 3.1.5 might allow remote malicious users to bypass the CSRF protection mechanism via the _method parameter.
Cakephp Cakephp 3.1.1
Cakephp Cakephp 3.1.0
Cakephp Cakephp 3.0.11
Cakephp Cakephp 3.0.10
Cakephp Cakephp 3.0.3
Cakephp Cakephp 3.0.2
Cakephp Cakephp 3.0.0
Cakephp Cakephp 2.7.7
Cakephp Cakephp 2.7.6
Cakephp Cakephp 2.7.0
Cakephp Cakephp 2.6.12
Cakephp Cakephp 2.6.5
Cakephp Cakephp 2.6.4
Cakephp Cakephp 2.5.8
Cakephp Cakephp 2.5.7
Cakephp Cakephp 2.5.0
Cakephp Cakephp 2.4.6
Cakephp Cakephp 2.4.5
Cakephp Cakephp 2.4.4
Cakephp Cakephp 2.4.0
Cakephp Cakephp 2.3.10
Cakephp Cakephp 2.3.3