Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
l0rd vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-12908
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote malicious users to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials.
Brynamics Brynamics -
1 EDB exploit
8.8
CVSSv3
CVE-2018-12519
An issue exists in ShopNx through 2017-11-17. The vulnerability allows a remote malicious user to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
Codenx Shopnx
1 EDB exploit
6.1
CVSSv3
CVE-2018-13849
edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace.
Instagram-clone Project Instagram-clone
1 EDB exploit
NA
CVE-2010-5000
SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote malicious users to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party inf...
Joe Pieruccini Mclogin System 1.1
Joe Pieruccini Mclogin System 1.2
1 EDB exploit
NA
CVE-2010-5008
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote malicious users to execute arbitrary SQL commands via the ContactID parameter.
Denaliintranet Brightsuite Groupware 5.4
1 EDB exploit
NA
CVE-2010-5020
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Netartmedia Iboutique 4.0
1 EDB exploit
NA
CVE-2010-5023
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote malicious users to execute arbitrary SQL commands via the intDivisionID parameter.
Cramerdev Digital Interchange Calendar 5.8.5
1 EDB exploit
NA
CVE-2010-5045
Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ASP Survey allows remote malicious users to inject arbitrary web script or HTML via the catid parameter.
Sellatsite Smart Asp Survey
1 EDB exploit
NA
CVE-2010-4997
SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote malicious users to execute arbitrary SQL commands via the id parameter in a product action.
Olykit Swoopo Clone 2010
1 EDB exploit
NA
CVE-2010-5022
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the view parameter to index.php.
Harmistechnology Com Jesubmit 1.4
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5274
CVE-2024-35388
CVE-2024-35396
elevation of privilege
CVE-2021-47544
file upload
CVE-2021-47545
memory leak
CVE-2024-4956
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »