bugreport.ir vulnerabilities and exploits
NA
CVE-2008-4364
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote malicious users to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
Parsagostar Parsaweb Cms
1 EDB exploit
NA
CVE-2008-2863
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote malicious users to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.
Elinestudio Site Composer
1 EDB exploit
NA
CVE-2008-6673
asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote malicious users to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; ...
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6674
mailPage.asp in QuickerSite 1.8.5 allows remote malicious users to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-2679
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.
Realm Project Realm Cms
1 EDB exploit
NA
CVE-2008-2682
_RealmAdmin/login.asp in Realm CMS 2.3 and previous versions allows remote malicious users to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID.
Realm Project Realm Cms 2.3
1 EDB exploit
NA
CVE-2008-0737
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote malicious users to execute arbitrary SQL commands via the helpfield parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2008-0739
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and previous 4.x and 3.x versions, allows remote malicious users to execute arbitrary SQL commands via the FedExAccount parameter.
Shoppingtree Candypress Store 4.1.1.26
Shoppingtree Candypress Store
1 EDB exploit
NA
CVE-2009-0963
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote malicious users to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
Xlinesoft Phprunner 3.1
Xlinesoft Phprunner
1 EDB exploit
7.5
CVSSv3
CVE-2009-0964
UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows malicious users to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.
Xlinesoft Phprunner
1 EDB exploit