Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-link vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2005-1947
Cross-site request forgery (CSRF) vulnerability in Invision Gallery prior to 1.3.1 allows remote malicious users to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.
Invisioncommunity Gallery
6.5
CVSSv3
CVE-2018-17168
PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. For example, an administrator, by following a link, can be tricked into making unwanted changes to a printer (Disable, Approve, etc).
Printeron Printeron 4.1.4
NA
CVE-2009-1867
Adobe Flash Player prior to 9.0.246.0 and 10.x prior to 10.0.32.18, and Adobe AIR prior to 1.5.2, allows malicious users to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
Adobe Flash Player 9.0.31.0
Adobe Flash Player 9.0.28.0
Adobe Flash Player 9.0.114.0
Adobe Flex 3.0
Adobe Flash Player 7.2
Adobe Flash Player 8.0
Adobe Flash Player 7.0.70.0
Adobe Air
Adobe Air 1.01
Adobe Air 1.0
Adobe Flash Player 10.0.0.584
Adobe Flash Player 10.0.12.10
Adobe Flash Player 10.0.12.36
Adobe Flash Player 9.0.20
Adobe Flash Player 9.0.16
Adobe Flash Player 7.0.63
Adobe Flash Player 8.0.35.0
Adobe Flash Player 8.0.39.0
Adobe Flash Player
Adobe Flash Player 9.0.112.0
Adobe Flash Player 9.0.28
Adobe Flash Player 9.0.20.0
6.5
CVSSv3
CVE-2023-51071
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated malicious users to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link.
Qstar Archive Storage Manager 3-0
7.5
CVSSv3
CVE-2019-20529
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
Frappe Frappe 11.0.0
Frappe Frappe 12.0.0
NA
CVE-2009-0485
Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to 2.22.7, 3.0 prior to 3.0.7, 3.2 prior to 3.2.1, and 3.3 prior to 3.3.2 allows remote malicious users to delete unused flag types via a link or IMG tag to editflagtypes.cgi.
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.6
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.22.3
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.20.2
Mozilla Bugzilla 2.20.3
Mozilla Bugzilla 2.22
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.2
NA
CVE-2008-5282
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote malicious users to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
W3c Amaya Web Browser 10.0.1
2 EDB exploits
NA
CVE-2002-1027
Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote malicious users to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter.
Macromedia Sitespring 1.2.0
1 EDB exploit
NA
CVE-2009-1042
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote malicious users to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
Apple Safari
NA
CVE-2009-1043
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote malicious users to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
Microsoft Internet Explorer 8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »