Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
articles vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-1000515
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..
News-articles Project News-articles 00.09.11
6.1
CVSSv3
CVE-2017-7626
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
Smart Related Articles Project Smart Related Articles 1.1
9.8
CVSSv3
CVE-2017-7628
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability).
Smart Related Articles Project Smart Related Articles 1.1
5.3
CVSSv3
CVE-2017-7627
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
Smart Related Articles Project Smart Related Articles 1.1
6.5
CVSSv3
CVE-2022-1827
The PDF24 Article To PDF WordPress plugin up to and including 4.2.2 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Pdf24 Articles To Pdf Project Pdf24 Articles To Pdf
6.5
CVSSv3
CVE-2022-1828
The PDF24 Articles To PDF WordPress plugin up to and including 4.2.2 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change them via a CSRF attack
Pdf24 Articles To Pdf Project Pdf24 Articles To Pdf
NA
CVE-2007-3311
SQL injection vulnerability in print.php in the Articles 1.02 and previous versions module for Xoops allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Xoops Articles Module
2 EDB exploits
NA
CVE-2008-5900
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these d...
Codeavalanche Articles Nil
1 EDB exploit
NA
CVE-2009-2235
SQL injection vulnerability in page.php in Your Articles Directory allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Yourarticlesdirectory Your Articles Directory
1 EDB exploit
NA
CVE-2009-2236
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote malicious users to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.
Yourarticlesdirectory Your Articles Directory
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »