Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plus vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-24023
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
9.8
CVSSv3
CVE-2024-24026
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2011-1509
The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and previous versions uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote malicious users to obtain sensitive information by sniffing the network.
Manageengine Servicedesk Plus 8.0
Manageengine Servicedesk Plus
NA
CVE-2008-4241
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via an SID cookie.
Cj Ultra Plus 1.0.3
Cj Ultra Plus
1 EDB exploit
NA
CVE-2007-5100
Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a prior to 20070922, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album...
Phpbb Phpbb Plus 1.53
Phpbb Phpbb Plus
NA
CVE-2006-2735
PHP remote file inclusion vulnerability in language/lang_english/lang_activity.php in Activity MOD Plus (Amod) 1.1.0, as used with phpBB when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE:...
Activity Mod Plus Activity Mod Plus 1.1.0
1 EDB exploit
NA
CVE-2006-3973
My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.
My Firewall Plus My Firewall Plus 5.0 Build 1119
7.5
CVSSv3
CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP prior to 10521 allows an malicious user to access internal data.
Zohocorp Manageengine Servicedesk Plus 10.5
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »