bugreport.ir vulnerabilities and exploits
NA
CVE-2008-2878
Open redirect vulnerability in rss_getfile.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and previous versions, allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the file parameter.
Yektaweb Academic Web Tools
1 EDB exploit
NA
CVE-2008-0473
RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote malicious users to upload (1) .html and (2) .htm files via unspecified vectors.
Web Wiz Rich Text Editor 4.0
1 EDB exploit
NA
CVE-2008-0479
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
Web Wiz Newspad 1.02
1 EDB exploit
NA
CVE-2008-0480
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and previous versions allow remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
Web Wiz Web Wiz Forums
1 EDB exploit
NA
CVE-2008-0547
Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote malicious users to inject arbitrary web script or HTML via the helpfield parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2008-0427
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Bloo Bloofoxcms 0.3
1 EDB exploit
NA
CVE-2008-0428
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
Bloofoxcms Bloofoxcms 0.3
1 EDB exploit
NA
CVE-2008-0481
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
Web Wiz Rich Text Editor 4.0
1 EDB exploit
NA
CVE-2008-0546
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter ...
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2008-2753
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote malicious users to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.
Paridel Pooya Site Builder 6.0
1 EDB exploit