Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
addressbook vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2010-1471
Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote malicious users to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
B-elektro Com Addressbook 1.5.0
1 EDB exploit
312
VMScore
CVE-2013-5646
Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.
Roundcube Webmail 1.0
356
VMScore
CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.1
Roundcube Webmail 1.1
668
VMScore
CVE-2016-9019
SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and previous versions allows remote malicious users to execute arbitrary SQL commands via the is_what parameter.
Exponentcms Exponent Cms
NA
CVE-2023-35927
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10...
Nextcloud Nextcloud Server
445
VMScore
CVE-2016-9285
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote malicious users to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
Exponentcms Exponent Cms 2.4.0
668
VMScore
CVE-2013-2778
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote malicious users to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.
Chatelao Php Address Book 8.2.5
356
VMScore
CVE-2015-8794
Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube prior to 1.0.6 and 1.1.x prior to 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.
Roundcube Roundcube Webmail 1.1.1
Roundcube Roundcube Webmail
Roundcube Roundcube Webmail 1.1.0
231
VMScore
CVE-2006-2789
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote malicious users to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-ad...
Gnome Evolution 2.3.4
Gnome Evolution 2.3.5
Gnome Evolution 2.3.6
Gnome Evolution 2.3.6.1
Gnome Evolution 2.3.1
Gnome Evolution 2.3.3
Gnome Evolution 2.3.7
Gnome Evolution 2.3.2
312
VMScore
CVE-2021-31583
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: St...
Sipwise Next Generation Communication Platform 3.6.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »