Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
an vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2224
Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the g_lang parameter.
An Guestbook An Guestbook 0.7.8
8.8
CVSSv3
CVE-2023-2636
The AN_GradeBook WordPress plugin up to and including 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber
An Gradebook Project An Gradebook
1 Github repository
4.8
CVSSv3
CVE-2023-2709
The AN_GradeBook WordPress plugin up to and including 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...
An Gradebook Project An Gradebook
NA
CVE-2007-3217
Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote malicious users to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (...
Prototype Of An Php Application Prototype Of An Php Application 0.1
12 EDB exploits
7.5
CVSSv3
CVE-2019-5927
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and previous versions allows remote malicious users to read arbitrary files via unspecified vectors.
Weban An
NA
CVE-2002-2378
Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote malicious users to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.
Nakata An Httpd 1.41d
NA
CVE-2008-2414
Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote malicious users to inject arbitrary web script or HTML via the postid parameter.
Aguestbook An Guestbook 0.4
1 EDB exploit
6.1
CVSSv3
CVE-2024-22113
Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and previous versions allows a remote unauthenticated malicious user to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.
Anglers-net Cgi An-anlyzer
NA
CVE-2009-3366
Directory traversal vulnerability in navigation.php in An image gallery 1.0 allows remote malicious users to list arbitrary directories via a .. (dot dot) in the path parameter.
Plohni An Image Gallery 1.0
1 EDB exploit
NA
CVE-2009-3367
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote malicious users to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this informati...
Plohni An Image Gallery 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »