Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xpath injection vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-4748
Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote malicious users to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Po...
F-art Agency Blog Cms 4.1
6.8
CVSSv2
CVE-2021-43822
Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API (PHPCR) using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If t...
Jackalope Doctrine-dbal Project Jackalope Doctrine-dbal
NA
CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy before 2.5.2. When Apache Ivy before 2.5.2 parses XML files - either its own config...
Apache Ivy
1 Github repository
6.8
CVSSv2
CVE-2015-6007
Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) up to and including 0.9.6 allows remote malicious users to hijack the authentication of arbitrary users.
Refbase Refbase
7.5
CVSSv2
CVE-2015-6008
install.php in Web Reference Database (aka refbase) up to and including 0.9.6 allows remote malicious users to execute arbitrary commands via the adminPassword parameter, a different issue than CVE-2015-7381.
Refbase Refbase
1 EDB exploit
7.5
CVSSv2
CVE-2015-6009
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 allow remote malicious users to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2...
Refbase Refbase
1 EDB exploit
5
CVSSv2
CVE-2015-6011
Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allows remote malicious users to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the stylesheet parameter to sru.php.
Refbase Refbase
5.8
CVSSv2
CVE-2015-6012
Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the referrer parameter.
Refbase Refbase
4.3
CVSSv2
CVE-2015-6010
Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) up to and including 0.9.6 and bleeding-edge prior to 2015-01-08 allow remote malicious users to inject arbitrary web script or HTML via the (1) errorNo or (2) errorMsg parameter to error.p...
Refbase Refbase
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3