Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

high-tech bridge vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2014-4170
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
Freereprintables Articlefr
NA
CVE-2013-6788
The Bitrix e-Store module prior to 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote malicious users to guess the cookie value and bypass authentication via a brute force attack.
Bitrix Bitrix E-store Module
6.1
CVSSv3
CVE-2015-3421
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and previous versions does not validate variables in the "eshopcart" HTTP cookie, which allows remote malicious users to perform cross-site scripting (XSS) attacks, or a path disclosure att...
Eshop Project Eshop
NA
CVE-2012-4233
LibreOffice 3.5.x prior to 3.5.7.2 and 3.6.x prior to 3.6.1, and OpenOffice.org (OOo), allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon ...
Libreoffice Libreoffice 3.5.0Libreoffice Libreoffice 3.5.3Libreoffice Libreoffice 3.5.1Libreoffice Libreoffice 3.5.4Libreoffice Libreoffice 3.5.Libreoffice Libreoffice 3.5.6Libreoffice Libreoffice 3.5.6.1Libreoffice Libreoffice 3.5.2Libreoffice Libreoffice 3.5.5Libreoffice Libreoffice 3.5.5.1Sun Openoffice.org -Libreoffice Libreoffice 3.5.6.2Libreoffice Libreoffice 3.5.6.3Libreoffice LibreofficeLibreoffice Libreoffice 3.5Libreoffice Libreoffice 3.5.5.2Libreoffice Libreoffice 3.5.5.3
NA
CVE-2013-2649
Hero Framework - '/users/login?Username' Cross-Site Scripting
NA
CVE-2013-0804
The client in Novell GroupWise 8.0 prior to 8.0.3 HP2 and 2012 before SP1 HP1 allows remote malicious users to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
Novell Groupwise 8.00Novell Groupwise 8.0Novell Groupwise 8.01Novell Groupwise 8.02Novell Groupwise 8.03Novell Groupwise 2012
NA
CVE-2013-7346
Cross-site request forgery (CSRF) vulnerability in Symphony CMS prior to 2.3.2 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
Getsymphony SymphonyGetsymphony Symphony 2.0.7Getsymphony Symphony 2.1.1Getsymphony Symphony 2.0Getsymphony Symphony 2.0.3Getsymphony Symphony 2.0.4Getsymphony Symphony 2.0.5Getsymphony Symphony 2.3Getsymphony Symphony 2.0.6Getsymphony Symphony 2.1.0
NA
CVE-2012-1470
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal prior to 7.1.6 allow remote malicious users to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
Ocportal Ocportal 7.0Ocportal Ocportal 6.2Ocportal Ocportal 6.1.1Ocportal Ocportal 6.1Ocportal Ocportal 7.1.1Ocportal Ocportal 7.1Ocportal Ocportal 6.0.2Ocportal Ocportal 6.0Ocportal Ocportal 5.0.3Ocportal Ocportal 5.0.2Ocportal Ocportal 4.3.1Ocportal Ocportal 4.3Ocportal Ocportal 4.2Ocportal Ocportal 4.1.3Ocportal Ocportal 4.1.9Ocportal Ocportal 4.1.6Ocportal Ocportal 4.1.4Ocportal Ocportal 4.0.4Ocportal Ocportal 5.0.1Ocportal Ocportal 5.0Ocportal Ocportal 4.3.2Ocportal Ocportal 4.1.13
NA
CVE-2014-2989
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote malicious users to hijack the authentication of administrators for requests that create administrative accounts via a request to Users/add.
Open Assessment Technologies Tao 2.5.6
NA
CVE-2013-4624
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote malicious users to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or...
Jahia Jahia Xcm 6.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661open redirectCVE-2024-25512CVE-2024-33788command injectionSSTICVE-2024-0043CVE-2024-29210CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook