Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aims vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2010-4834
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_sea...
Oneorzero Aims 2.7.0
Oneorzero Aims 2.6.0
1 EDB exploit
10
CVSSv2
CVE-2011-4214
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote malicious users to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
Oneorzero Aims 2.7.0
4
CVSSv2
CVE-2010-4835
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
Oneorzero Aims 2.6.0
1 EDB exploit
7.5
CVSSv2
CVE-2011-4215
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the cookieName variable.
Oneorzero Aims 2.7.0
4.3
CVSSv2
CVE-2012-0989
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Oneorzero Action And Information Management System 2.8.0
1 EDB exploit
NA
CVE-2024-22936
Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
NA
CVE-2022-3853
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
Supra-csv-parser Project Supra-csv-parser
4
CVSSv2
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged i...
Curveballjs A12n-server
4.3
CVSSv2
CVE-2017-3182
On the iOS platform, the ThreatMetrix SDK versions before 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an malicious user to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to...
Threatmetrix Threatmetrix Sdk
NA
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now ret...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »