Vulmon
high-tech bridge vulnerabilities and exploits
6.1
CVSSv3
CVE-2015-8353
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin prior to 1.3.67 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.
Role Scoper Project Role Scoper
9.8
CVSSv3
CVE-2015-8352
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
Zen-cart Zen Cart 1.5.4
1 EDB exploit
8.8
CVSSv3
CVE-2015-8355
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module prior to 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
Orion-soft Bitrix
6.1
CVSSv3
CVE-2015-2690
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) prior to 2.11.0.7 for FreePBX allow remote malicious users to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_firs...
Digium Addons Module 2.11.0.6
6.1
CVSSv3
CVE-2015-3421
The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and previous versions does not validate variables in the "eshopcart" HTTP cookie, which allows remote malicious users to perform cross-site scripting (XSS) attacks, or a path disclosure att...
Eshop Project Eshop
8
CVSSv3
CVE-2015-8356
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and previous versions for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_sectio...
Bitrix Project Bitrix
1 EDB exploit
9.8
CVSSv3
CVE-2016-2242
Exponent CMS 2.x prior to 2.3.7 Patch 3 allows remote malicious users to execute arbitrary code via the sc parameter to install/index.php.
Exponentcms Exponent Cms 2.3.5
Exponentcms Exponent Cms 2.3.1
Exponentcms Exponent Cms 2.2.1
Exponentcms Exponent Cms 2.2.0
Exponentcms Exponent Cms 2.0.9
Exponentcms Exponent Cms 2.0.5
Exponentcms Exponent Cms 2.0.4
Exponentcms Exponent Cms 2.3.3
Exponentcms Exponent Cms 2.2.3
Exponentcms Exponent Cms 2.1.3
Exponentcms Exponent Cms 2.1.2
Exponentcms Exponent Cms 2.0.7
Exponentcms Exponent Cms 2.0.6
Exponentcms Exponent Cms 2.0.2
Exponentcms Exponent Cms 2.0.1
Exponentcms Exponent Cms 2.3.7
Exponentcms Exponent Cms 2.3.2
Exponentcms Exponent Cms 2.2.2
Exponentcms Exponent Cms 2.1.1
Exponentcms Exponent Cms 2.1.0
Exponentcms Exponent Cms 2.0.0
Exponentcms Exponent Cms 2.3.8
7.5
CVSSv3
CVE-2015-8770
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube prior to 1.0.8 and 1.1.x prior to 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .....
Roundcube Roundcube Webmail 1.1.2
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail 1.1.0
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.3
1 EDB exploit
NA
CVE-2015-8358
Directory traversal vulnerability in the bitrix.mpbuilder module prior to 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php...
Bitrix Mpbuilder
1 EDB exploit
NA
CVE-2015-8357
Directory traversal vulnerability in the bitrix.xscan module prior to 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix...
Bitrix Xscan
1 EDB exploit