Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0466
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote malicious users to list directories and read files. NOTE: this can be leveraged for listings outside the c...
Webwiz Web Wiz Forums 9.07
Webwiz Web Wiz Newspad 1.02
Webwiz Web Wiz Rich Text Editor 4.0
2 EDB exploits
NA
CVE-2008-2022
Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requ...
Pd9 Software Megabbs 2.2
1 EDB exploit
NA
CVE-2007-6079
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using ...
Bcoos Bcoos 1.0.10
1 EDB exploit
NA
CVE-2008-2023
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote malicious users to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
Pd9 Software Megabbs 2.2
1 EDB exploit
NA
CVE-2008-6678
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote malicious users to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2007-6078
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote malicious users to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4...
Skyportal Skyportal Rc6
1 EDB exploit
NA
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote malicious users to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
Bitweaver R2 Cms
1 EDB exploit
NA
CVE-2007-6651
Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote malicious users to obtain sensitive information (script source code) via a .. (dot dot) in the suck_url parameter.
Bitweaver Bitweaver 2.0.0
1 EDB exploit
NA
CVE-2008-3955
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.
Masir Camp E-shop Module
1 EDB exploit
NA
CVE-2008-4364
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote malicious users to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
Parsagostar Parsaweb Cms
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »