Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web blog vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-7737
In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability
Zblogcn Z-blogphp 1.5.1.1740
1 EDB exploit
2.6
CVSSv2
CVE-2010-4607
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to sy...
Habariproject Habari 0.6.5
1 EDB exploit
4.3
CVSSv2
CVE-2013-2287
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.
Roberta Bramski Uploader 1.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2008-2855
Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Ownrs Ownrs Beta 3
1 EDB exploit
4.3
CVSSv2
CVE-2008-2962
Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote malicious users to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.
Myblog Myblog
1 EDB exploit
4.3
CVSSv2
CVE-2007-1873
Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote malicious users to inject arbitrary web script or HTML via the q parameter to the search script.
Mephisto Mephisto 0.7.3
1 EDB exploit
7.8
CVSSv2
CVE-2012-4933
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote malicious users to obta...
Novell Zenworks Asset Management 7.5
NA
CVE-2023-20032
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and previous versions, 0.105.1 and previous versions, and 0.103.7 and previous versions could allow an unauthentic...
Cisco Web Security Appliance
Cisco Secure Endpoint Private Cloud
Cisco Secure Endpoint
Clamav Clamav 1.0.0
Clamav Clamav
Stormshield Stormshield Network Security
2 Github repositories
1 Article
4.3
CVSSv2
CVE-2010-1619
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8, allows remote malicious users to inject arbitrary web script or HTML via craft...
Moodle Moodle 1.8.8
Moodle Moodle 1.8.7
Moodle Moodle 1.8.1
Moodle Moodle 1.8.3
Moodle Moodle 1.9.6
Moodle Moodle 1.8.5
Moodle Moodle 1.8.4
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.8.2
Moodle Moodle 1.9.2
Moodle Moodle 1.9.1
Moodle Moodle 1.8.9
Moodle Moodle 1.8.6
Moodle Moodle 1.8.10
Moodle Moodle 1.8.11
Moodle Moodle 1.9.4
Moodle Moodle 1.9.7
4.3
CVSSv2
CVE-2007-3339
Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote malicious users to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/...
Fusetalk Fusetalk 4.0
Fusetalk Fusetalk 3.0
Fusetalk Fusetalk 2.0
Fusetalk Fusetalk 3.2
3 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »