Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aims vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-4834
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_sea...
Oneorzero Aims 2.7.0
Oneorzero Aims 2.6.0
1 EDB exploit
NA
CVE-2011-4214
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote malicious users to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
Oneorzero Aims 2.7.0
NA
CVE-2011-4215
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the cookieName variable.
Oneorzero Aims 2.7.0
NA
CVE-2010-4835
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
Oneorzero Aims 2.6.0
1 EDB exploit
NA
CVE-2012-0989
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Oneorzero Action And Information Management System 2.8.0
1 EDB exploit
NA
CVE-2024-22936
Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
5.4
CVSSv3
CVE-2022-3853
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
Supra-csv-parser Project Supra-csv-parser
6.5
CVSSv3
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged i...
Curveballjs A12n-server
6.8
CVSSv3
CVE-2017-3182
On the iOS platform, the ThreatMetrix SDK versions before 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an malicious user to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to...
Threatmetrix Threatmetrix Sdk
7.5
CVSSv3
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolu...
Codehaus-plexus Project Codehaus-plexus
Redhat Integration Camel K
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »