Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blog project vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4956
CVE-2024-4956 POC - CVE-2024–4956 - Nexus Repository Manager 3 Unauthenticated Path Traversal
3 Github repositories
383
VMScore
CVE-2010-2229
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Moodle Moodle 1.8.7
Moodle Moodle 1.8.6
Moodle Moodle 1.7.3
Moodle Moodle 1.6.4
Moodle Moodle 1.6.6
Moodle Moodle 1.5.1
Moodle Moodle 1.5.2
Moodle Moodle 1.4.4
Moodle Moodle 1.3.4
Moodle Moodle 1.8.9
Moodle Moodle 1.8.8
Moodle Moodle 1.8.1
Moodle Moodle 1.6.3
Moodle Moodle 1.6.5
Moodle Moodle 1.6.2
Moodle Moodle 1.5
Moodle Moodle 1.4.2
Moodle Moodle 1.4.5
Moodle Moodle 1.2.0
Moodle Moodle 1.1.1
Moodle Moodle
Moodle Moodle 1.8.5
495
VMScore
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU prior to 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote malicious users to specify a configuration file in the page parameter to obtain sensitive information or mod...
Wordpress Wordpress 2.3.3
Wordpress Wordpress 2.3.2
Wordpress Wordpress 2.2.2
Wordpress Wordpress 2.2.1
Wordpress Wordpress 2.1.1
Wordpress Wordpress 2.1
Wordpress Wordpress 2.6
Wordpress Wordpress 2.3.1
Wordpress Wordpress 2.2.0
Wordpress Wordpress 2.2
Wordpress Wordpress 2.0.9
Wordpress Wordpress 2.0.8
Wordpress Wordpress 2.0.11
Wordpress Wordpress 2.0.10 Rc2
Wordpress Wordpress 1.5.1.3
Wordpress Wordpress 1.5.1.2
Wordpress Wordpress 1.2.2
Wordpress Wordpress 1.2.1
Wordpress Wordpress 2.5.1
Wordpress Wordpress 2.5
Wordpress Wordpress 2.3
Wordpress Wordpress 2.2 Revision5003
1 EDB exploit
890
VMScore
CVE-2013-0809
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and previous versions, 6 Update 41 and previous versions, and 5.0 Update 40 and previous versions allows remote malicious users to execute arbitrary code vi...
Sun Jre 1.6.0
Oracle Jre 1.6.0
Oracle Jre
Sun Jdk 1.6.0
Oracle Jdk 1.6.0
Oracle Jdk
Sun Jre 1.5.0
Oracle Jre 1.5.0
Sun Jdk 1.5.0
Oracle Jdk 1.5.0
Oracle Jre 1.7.0
Oracle Jdk 1.7.0
1000
VMScore
CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and previous versions, 6 Update 41 and previous versions, and 5.0 Update 40 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (crash...
Oracle Jre 1.7.0
Oracle Jre
Sun Jre 1.5.0
Oracle Jre 1.5.0
Sun Jdk 1.6.0
Oracle Jdk 1.6.0
Oracle Jdk
Sun Jre 1.6.0
Oracle Jre 1.6.0
Sun Jdk 1.5.0
Oracle Jdk 1.5.0
Oracle Jdk 1.7.0
1 EDB exploit
3 Articles
445
VMScore
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known...
Apache Http Server 2.4.49
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Instantis Enterprisetrack 17.1
Oracle Instantis Enterprisetrack 17.2
Oracle Instantis Enterprisetrack 17.3
Netapp Cloud Backup -
1 Article
605
VMScore
CVE-2010-1613
Moodle 1.8.x and 1.9.x prior to 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote malicious users to conduct session fixation attacks.
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.8.11
Moodle Moodle 1.9.4
Moodle Moodle 1.8.4
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.9.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.3
Moodle Moodle 1.8.10
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
356
VMScore
CVE-2010-1616
Moodle 1.8.x and 1.9.x prior to 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.9.4
Moodle Moodle 1.9.3
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.8.3
Moodle Moodle 1.9.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.10
Moodle Moodle 1.8.11
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
Moodle Moodle 1.8.4
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
232
VMScore
CVE-2016-0701
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 prior to 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote malicious users to discover a private DH exponent by making multiple ha...
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.2
Openssl Openssl 1.0.2d
1 Article
356
VMScore
CVE-2010-2230
The KSES text cleaning filter in lib/weblib.php in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
Moodle Moodle 1.8.9
Moodle Moodle 1.8.8
Moodle Moodle 1.6.3
Moodle Moodle 1.6.5
Moodle Moodle 1.6.2
Moodle Moodle 1.5
Moodle Moodle 1.5.1
Moodle Moodle 1.4.5
Moodle Moodle 1.4.4
Moodle Moodle 1.2.0
Moodle Moodle 1.1.1
Moodle Moodle
Moodle Moodle 1.8.4
Moodle Moodle 1.8.3
Moodle Moodle 1.7.6
Moodle Moodle 1.7.4
Moodle Moodle 1.6.8
Moodle Moodle 1.6.7
Moodle Moodle 1.5.0
Moodle Moodle 1.4.1
Moodle Moodle 1.3.0
Moodle Moodle 1.3.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »