Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aurora vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2007-6345
SQL injection vulnerability in aurora framework prior to 20071208 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained...
Aurora Aurora Framework
383
VMScore
CVE-2019-16238
Afterlogic Aurora up to and including 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login.
Afterlogic Aurora
755
VMScore
CVE-2009-3365
PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote malicious users to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter.
Traza Aurora 1.0.2
1 EDB exploit
445
VMScore
CVE-2021-33209
An issue exists in Fimer Aurora Vision prior to 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an malicious user to enumerate usernames. This can make a brute-force attack easier.
Fimer Aurora Vision
383
VMScore
CVE-2021-33210
An issue exists in Fimer Aurora Vision prior to 2.97.10. An attacker can (in the WebUI) obtain plant information without authentication by reading the response of APIs from a kiosk view of a plant.
Fimer Aurora Vision
NA
CVE-2023-43176
A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows malicious users to execute arbitrary code via supplying a crafted .sabredav file.
Afterlogic Aurora Files 9.7.3
605
VMScore
CVE-2021-26293
An issue exists in AfterLogic Aurora up to and including 8.5.3 and WebMail Pro up to and including 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Serve...
Afterlogic Aurora
Afterlogic Webmail Pro
1 Github repository
446
VMScore
CVE-2021-26294
An issue exists in AfterLogic Aurora up to and including 7.7.9 and WebMail Pro up to and including 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/...
Afterlogic Aurora
Afterlogic Webmail Pro
2 Github repositories
312
VMScore
CVE-2017-14597
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
Afterlogic Aurora 7.7.5
Afterlogic Webmail 7.7
384
VMScore
CVE-2019-19129
Afterlogic WebMail Pro 8.3.11, and WebMail in Afterlogic Aurora 8.3.11, allows Remote Stored XSS via an attachment name.
Afterlogic Aurora 8.3.11
Afterlogic Webmail Pro 8.3.11
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »