Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bugreport.ir vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-6496
Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote malicious users to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdo...
Hosting Controller Hosting Controller 6.1 Hotfix 3.3
1 EDB exploit
NA
CVE-2007-6501
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and previous versions allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
Hosting Controller Hosting Controller
1 EDB exploit
NA
CVE-2007-6650
Unrestricted file upload vulnerability in fisheye/upload.php in Bitweaver R2 CMS allows remote malicious users to upload arbitrary files by using the image/gif content type, and possibly other image and PDF content types, as demonstrated by uploading a .htaccess file.
Bitweaver R2 Cms
1 EDB exploit
NA
CVE-2008-0736
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote malicious users to obtain the path via a certain value of the FedExAccount parameter.
Shoppingtree Candypress Store 4.1
Shoppingtree Candypress Store 4.1.1.26
1 EDB exploit
NA
CVE-2008-0738
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and previous versions 4.1.x versions, allow remote malicious users to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName ...
Shoppingtree Candypress Store 4.1.1.26
Shoppingtree Candypress Store
1 EDB exploit
NA
CVE-2008-6676
QuickerSite 1.8.5 allows remote malicious users to obtain sensitive information via a request to showThumb.aspx without any parameters, which reveals the installation path in an error message.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2008-6678
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote malicious users to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
Quickersite Quickersite 1.8.5
1 EDB exploit
NA
CVE-2009-0422
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and previous versions, when register_globals is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] paramet...
Tincan Phplist 2.7.2
Tincan Phplist 2.8.2
Tincan Phplist 2.10.6
Tincan Phplist 2.10.7
Tincan Phplist 2.6.0
Tincan Phplist 2.5.8
Tincan Phplist 2.5.0
Tincan Phplist 2.4.0
Tincan Phplist 2.2.1
Tincan Phplist 2.2.0
Tincan Phplist 1.9.1
Tincan Phplist 1.9.0
Tincan Phplist 2.8.12
Tincan Phplist 2.10.1
Tincan Phplist 2.8.7
Tincan Phplist 2.6.4
Tincan Phplist 2.5.7
Tincan Phplist 2.5.6
Tincan Phplist 2.3.4
Tincan Phplist 2.4.7
Tincan Phplist 2.1.4
Tincan Phplist 2.1.3
1 EDB exploit
NA
CVE-2008-3955
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.
Masir Camp E-shop Module
1 EDB exploit
NA
CVE-2008-2861
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameter...
Elinestudio Site Composer 2.5
Elinestudio Site Composer
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »