Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plus vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-5009
PHP remote file inclusion vulnerability in language/lang_german/lang_main_album.php in phpBB Plus 1.53, and 1.53a prior to 20070922, allows remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Phpbb2 Phpbb2 Plus 1.53
Phpbb2 Phpbb2 Plus 1.53a
1 EDB exploit
2.1
CVSSv2
CVE-2000-0879
LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.
Plus Technologies Lpplus 3.3
Plus Technologies Lpplus 3.2.2
3.6
CVSSv2
CVE-2000-0880
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
Plus Technologies Lpplus 3.2.2
Plus Technologies Lpplus 3.3
1 EDB exploit
2.1
CVSSv2
CVE-2000-0881
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
Plus Technologies Lpplus 3.2.2
Plus Technologies Lpplus 3.3
1 EDB exploit
3.7
CVSSv2
CVE-2017-3486
Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus execu...
Oracle Sql Plus 12.1.0.2
Oracle Sql Plus 11.2.0.4
6.5
CVSSv2
CVE-2020-11531
The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus before 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated malicious user to execute code in the context of the product by writing a JS...
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
10
CVSSv2
CVE-2020-11532
Zoho ManageEngine DataSecurity Plus before 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an malicious user to bypass authentication for this server and execute all operations in the context of admin user.
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Datasecurity Plus
7.5
CVSSv2
CVE-2005-1506
SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote malicious users to execute arbitrary SQL commands via the perm parameter.
Cj Ultra Plus 1.0.3
Cj Ultra Plus 1.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2017-5593
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote malicious user to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. Thi...
Psi-plus Psi\\+ 0.16.563.580
Psi-plus Psi\\+ 0.16.571.627
4
CVSSv2
CVE-2022-24447
An issue exists in Zoho ManageEngine Key Manager Plus prior to 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
Zohocorp Manageengine Key Manager Plus 6.0
Zohocorp Manageengine Key Manager Plus
Zohocorp Manageengine Key Manager Plus 6.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »