Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-news vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2007-3331
Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote malicious users to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.
Stphp Easynews 4.0
383
VMScore
CVE-2005-2074
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote malicious users to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
Php Fusion Php Fusion 6.0.105
435
VMScore
CVE-2008-2117
Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote malicious users to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126.
Project Alumni Project Alumni 1.0.9
1 EDB exploit
570
VMScore
CVE-2008-4200
Opera prior to 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote malicious users to change this field to display the URL of a page containing web script controlled by the attacker.
Opera Opera Browser 9.22
Opera Opera Browser 9.0
Opera Opera Browser 8.54
Opera Opera Browser 7.60
Opera Opera Browser 7.54
Opera Opera Browser 9.23
Opera Opera Browser 9.26
Opera Opera Browser 8.0
Opera Opera Browser 7.21
Opera Opera Browser 7.22
Opera Opera Browser 7.0
Opera Opera Browser 7.01
Opera Opera Browser 6.0
Opera Opera Browser 6.02
Opera Opera Browser 5.0
Opera Opera Browser 5.12
Opera Opera Browser 5.02
Opera Opera Browser 9.02
Opera Opera Browser 9.01
Opera Opera Browser 8.02
Opera Opera Browser 8.01
Opera Opera Browser 9.50
755
VMScore
CVE-2009-4566
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote malicious users to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Zenphoto Zenphoto 1.2.5
1 EDB exploit
270
VMScore
CVE-2009-4172
Cross-site scripting (XSS) vulnerability in index.php in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews 8 and 8b, when magic_quotes_gpc is disabled, allows remote malicious users to inject arbitrary web script or HTML via the body of a news article in an addnews action.
Korn19 Utf-8 Cutenews 8
Korn19 Utf-8 Cutenews 8b
Cutephp Cutenews 1.4.6
2 EDB exploits
435
VMScore
CVE-2009-2569
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote malicious users to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html.
Verlihub-project Verlihub Control Panel 1.7e
1 EDB exploit
755
VMScore
CVE-2005-3120
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and previous versions allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
Invisible-island Lynx
Debian Debian Linux 3.1
Debian Debian Linux 3.0
1 EDB exploit
655
VMScore
CVE-2009-3514
Multiple SQL injection vulnerabilities in d.net CMS allow remote malicious users to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in ...
Marcin Manek D.net Cms
1 EDB exploit
755
VMScore
CVE-2007-6127
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and previous versions allow remote malicious users to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to...
Project Alumni Project Alumni
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »