Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
w. cashdollar vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2016-7490
The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges.
Teradata Studio Express 15.12.00.00
7.5
CVSSv3
CVE-2018-9205
Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path.
Drupal Avatar Uploader 7.x-1.0
1 EDB exploit
7.5
CVSSv3
CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin prior to 2.6 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter to includes/download.php.
Wpshopstyling Wp E-commerce Shop Styling
1 EDB exploit
7.5
CVSSv3
CVE-2017-6104
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
Zen Mobile App Native Project Zen Mobile App Native
1 EDB exploit
7.2
CVSSv3
CVE-2018-1002000
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
7.2
CVSSv3
CVE-2016-1000122
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
Huge-it Slider 1.0.9
7.2
CVSSv3
CVE-2016-1000119
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
Huge-it Catalog 1.0.4
5.3
CVSSv3
CVE-2015-5471
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote malicious users to read arbitrary files via a full pathname in the file parameter.
Swim Team Project Swim Team 1.44.10777
1 EDB exploit
4.8
CVSSv3
CVE-2018-1002002
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
4.8
CVSSv3
CVE-2018-1002001
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »