Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ajax vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-2005
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote malicious users to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) ...
Datalifecms Datalife Engine 8.3
4 EDB exploits
NA
CVE-2007-1424
Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote malicious users to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third...
Softnews Media Group Datalife Engine 4.1
Softnews Media Group Datalife Engine 5.5
2 EDB exploits
NA
CVE-2013-3522
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and previous versions allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
Vbulletin Vbulletin 5.0.0
2 EDB exploits
5.3
CVSSv3
CVE-2019-8292
Online Store System v1.0 delete_product.php doesn't check to see if a user authtenticated or has administrative rights allowing arbitrary product deletion.
Online Store System Project Online Store System 1.0
9.8
CVSSv3
CVE-2019-16759
vBulletin 5.x up to and including 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Vbulletin Vbulletin
1 EDB exploit
1 Metasploit module
16 Github repositories
NA
CVE-2009-2587
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote malicious users to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php...
Dragdropcart Dragdropcart -
6 EDB exploits
NA
CVE-2012-4393
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud prior to 4.0.6 allow remote malicious users to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calen...
Owncloud Owncloud 4.0.3
Owncloud Owncloud 4.0.2
Owncloud Owncloud 4.0.1
Owncloud Owncloud 4.0.0
Owncloud Owncloud 3.0.1
Owncloud Owncloud 4.0.4
Owncloud Owncloud
Owncloud Owncloud 3.0.3
Owncloud Owncloud 3.0.2
Owncloud Owncloud 3.0.0
4.3
CVSSv3
CVE-2019-16251
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework up to and including 3.3.8 for WordPress allows authenticated options changes.
Yithemes Yith Woocommerce Wishlist
Yithemes Yith Woocommerce Compare
Yithemes Yith Woocommerce Quick View
Yithemes Yith Woocommerce Zoom Magnifier
Yithemes Yith Woocommerce Ajax Search
Yithemes Yith Woocommerce Badge Management
Yithemes Yith Woocommerce Brands Add-on
Yithemes Yith Woocommerce Request A Quote
Yithemes Yith Woocommerce Social Login
Yithemes Yith Woocommerce Order Tracking
Yithemes Yith Woocommerce Pdf Invoice And Shipping List
Yithemes Yith Pre-order For Woocommerce
Yithemes Yith Woocommerce Advanced Reviews
Yithemes Yith Woocommerce Product Add-ons
Yithemes Yith Woocommerce Gift Cards
Yithemes Yith Woocommerce Subscription
Yithemes Yith Woocommerce Affiliates
Yithemes Yith Woocommerce Cart Messages
Yithemes Yith Woocommerce Product Bundles
Yithemes Yith Woocommerce Frequently Bought Together
Yithemes Yith Woocommerce Multi-step Checkout
Yithemes Yith Color And Label Variations For Woocommerce
NA
CVE-2014-8809
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin prior to 14.11 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text param...
Wpsymposiumpro Wp Symposium
NA
CVE-2013-5957
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM prior to 4.2.12, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.beta4 allow remote malicious users to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcount...
Civicrm Civicrm 4.4.0
Civicrm Civicrm 4.4
Civicrm Civicrm
Civicrm Civicrm 4.2.10
Civicrm Civicrm 4.2.5
Civicrm Civicrm 4.2.4
Civicrm Civicrm 4.2.2
Civicrm Civicrm 4.2.1
Civicrm Civicrm 4.2.9
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.2.6
Civicrm Civicrm 4.2.0
Civicrm Civicrm 4.3.3
Civicrm Civicrm 4.3.4
Civicrm Civicrm 4.3.5
Civicrm Civicrm 4.3.6
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.3.0
Civicrm Civicrm 4.3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »