Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2009-0964
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows malicious users to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
Xlinesoft Phprunner
1 EDB exploit
NA
CVE-2008-7208
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote malicious users to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
Insane Visions Onecms
1 EDB exploit
NA
CVE-2008-7209
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote malicious users to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing ...
Insane Visions Onecms
1 EDB exploit
NA
CVE-2008-6675
Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote malicious users to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through def...
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6677
Unrestricted file upload vulnerability in fckeditor251/editor/filemanager/connectors/asp/upload.asp in QuickerSite 1.8.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6673
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote malicious users to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; ...
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6674
mailPage.asp in QuickerSite 1.8.5 allows remote malicious users to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6676
QuickerSite 1.8.5 allows remote malicious users to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6678
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote malicious users to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2009-0963
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote malicious users to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
Xlinesoft Phprunner 3.1
Xlinesoft Phprunner
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »