Vulmon
high-tech bridge vulnerabilities and exploits
NA
CVE-2013-2559
SQL injection vulnerability in Symphony CMS prior to 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony
Getsymphony Symphony 2.3
Getsymphony Symphony 2.1.0
Getsymphony Symphony 2.1.1
1 EDB exploit
NA
CVE-2012-1468
Incomplete blacklist vulnerability in Open Journal Systems prior to 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct requ...
Pkp Open Journal Systems
1 EDB exploit
NA
CVE-2011-1670
Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
A.kulikov Interra Blog Machine 1.84
2 EDB exploits
NA
CVE-2012-5367
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated ...
Orangehrm Orangehrm 2.7.1
1 EDB exploit
8.1
CVSSv3
CVE-2014-1632
htdocs/setup/index.php in Eventum prior to 2.3.5 allows remote malicious users to inject and execute arbitrary PHP code via the hostname parameter.
Eventum Project Eventum
1 EDB exploit
NA
CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject prior to 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] p...
Dotproject Dotproject
1 EDB exploit
NA
CVE-2012-5702
Multiple cross-site scripting (XSS) vulnerabilities in dotProject prior to 2.1.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name paramet...
Dotproject Dotproject
1 EDB exploit
9.8
CVSSv3
CVE-2012-5878
Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 up to and including 0.1.4 allows remote malicious users to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath paramete...
Bulbsecurity Smartphone Pentest Framework
1 EDB exploit
NA
CVE-2012-3232
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote malicious users to inject arbitrary web script or HTML via the _text[title] parameter.
Webatall Web@all 2.0
1 EDB exploit
NA
CVE-2014-4736
SQL injection vulnerability in E2 prior to 2.4 (2845) allows remote malicious users to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
Blogengine E2
1 EDB exploit