Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plus vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2008-4241
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and previous versions allows remote malicious users to execute arbitrary SQL commands via an SID cookie.
Cj Ultra Plus
Cj Ultra Plus 1.0.3
1 EDB exploit
383
VMScore
CVE-2022-27496
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and previous versions allows a remote malicious user to inject an arbitrary script via unspecified vectors.
Zero-channel Plus Project Zero-channel Plus
NA
CVE-2024-24013
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2024-24014
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2024-24018
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2024-24019
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
NA
CVE-2024-24026
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.
Xxyopen Novel-plus
Xxyopen Novel-plus 4.3.0
445
VMScore
CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP prior to 10521 allows an malicious user to access internal data.
Zohocorp Manageengine Servicedesk Plus 10.5
Zohocorp Manageengine Servicedesk Plus Msp
Zohocorp Manageengine Servicedesk Plus Msp 10.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »