Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
egix vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2023-46818
An issue exists in ISPConfig prior to 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Ispconfig Ispconfig 3.2.11
Ispconfig Ispconfig
6.1
CVSSv3
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 up to and including 4.0.2, from 3.1.0 up to ...
Craftercms Craftercms
8.8
CVSSv3
CVE-2023-35808
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing ...
Sugarcrm Sugarcrm
8.8
CVSSv3
CVE-2023-35809
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular us...
Sugarcrm Sugarcrm
7.2
CVSSv3
CVE-2023-35810
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module becau...
Sugarcrm Sugarcrm
8.8
CVSSv3
CVE-2023-35811
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privi...
Sugarcrm Sugarcrm
5.3
CVSSv3
CVE-2023-47271
PKP-WAL (aka PKP Web Application Library or pkp-lib) prior to 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an iss...
Sfu Pkp Web Application Library
NA
CVE-2024-25641
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to ex...
NA
CVE-2014-3781
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear prior to 2.6.3 allows remote malicious users to bypass authentication via an empty password in an XML-RPC request.
Dotclear Dotclear
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
NA
CVE-2014-3782
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear prior to 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some ...
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
Dotclear Dotclear
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »