Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aims vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2010-4834
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_sea...
Oneorzero Aims 2.7.0
Oneorzero Aims 2.6.0
1 EDB exploit
10
CVSSv2
CVE-2011-4214
OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote malicious users to bypass authentication and obtain administrator privileges via a crafted oozimsrememberme cookie.
Oneorzero Aims 2.7.0
7.5
CVSSv2
CVE-2011-4215
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the cookieName variable.
Oneorzero Aims 2.7.0
4
CVSSv2
CVE-2010-4835
Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.
Oneorzero Aims 2.6.0
1 EDB exploit
4.3
CVSSv2
CVE-2012-0989
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php.
Oneorzero Action And Information Management System 2.8.0
1 EDB exploit
NA
CVE-2024-22936
Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote malicious users to inject arbitrary web script or HTML via the message parameter.
NA
CVE-2022-3853
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
Supra-csv-parser Project Supra-csv-parser
4
CVSSv2
CVE-2021-29452
a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged i...
Curveballjs A12n-server
4.3
CVSSv2
CVE-2017-3182
On the iOS platform, the ThreatMetrix SDK versions before 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an malicious user to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to...
Threatmetrix Threatmetrix Sdk
NA
CVE-2022-4244
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolu...
Codehaus-plexus Project Codehaus-plexus
Redhat Integration Camel K
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »