Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aggregate vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2015-7912
The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate prior to 5.30.06 allows remote malicious users to upload and execute arbitrary Java code via a crafted XML document.
Tibbo Aggregate
641
VMScore
CVE-2015-7913
ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate prior to 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.
Tibbo Aggregate
NA
CVE-2015-10120
A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function update_options of the file includes/WDS_Multisite_Aggregate_Options.php. The manipulation leads to cross site scripting. It is poss...
Webdevstudios Wds Multisite Aggregate
201
VMScore
CVE-2017-0213
Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacke...
Microsoft Windows 10 1607
Microsoft Windows Rt 8.1
Microsoft Windows Server 2012 -
Microsoft Windows 10 -
Microsoft Windows 10 1511
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 8.1
Microsoft Windows 10 1703
Microsoft Windows Server 2016
Microsoft Windows 7
Microsoft Windows Server 2008
1 EDB exploit
21 Github repositories
668
VMScore
CVE-2018-18530
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI.
Thinkphp Thinkphp 5.1.25
NA
CVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.
Zohocorp Manageengine Adaudit Plus 7.2
Zohocorp Manageengine Adaudit Plus
NA
CVE-2023-49330
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data.
NA
CVE-2023-49331
Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option.
445
VMScore
CVE-2019-9187
ikiwiki prior to 3.20170111.1 and 3.2018x and 3.2019x prior to 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Ikiwiki Ikiwiki 3.20180228
Ikiwiki Ikiwiki 3.20180105
Ikiwiki Ikiwiki
Ikiwiki Ikiwiki 3.20180311
670
VMScore
CVE-2022-28346
An issue exists in Django 2.2 prior to 2.2.28, 3.2 prior to 3.2.13, and 4.0 prior to 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.
Djangoproject Django
Debian Debian Linux 9.0
Debian Debian Linux 11.0
7 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »