Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
book vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-4578
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote malicious users to obtain sensitive information.
The Address Book The Address Book 1.04e
5
CVSSv2
CVE-2006-4579
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote malicious users to include arbitrary files via a .. (dot dot) in the language parameter.
The Address Book The Address Book 1.04e
7.5
CVSSv2
CVE-2006-4580
register.php in The Address Book 1.04e allows remote malicious users to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".
The Address Book The Address Book 1.04e
5
CVSSv2
CVE-2006-4582
Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote malicious users to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.
The Address Book The Address Book 1.04e
7.5
CVSSv2
CVE-2006-4575
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote malicious users to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) n...
The Address Book The Address Book 1.04e
7.5
CVSSv2
CVE-2012-6652
Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.
Page Flip Book Project Page Flip Book -
5
CVSSv2
CVE-2020-36003
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
Online Book Store Project Online Book Store 1.0
NA
CVE-2021-34249
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote malicious users to view sensitive information via the id paremeter in application URL.
Online Book Store Project Online Book Store 1.0
4.3
CVSSv2
CVE-2005-3037
Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote malicious users to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL.
Handy Address Book Handy Address Book Server 1.1
7.5
CVSSv2
CVE-2020-23763
SQL injection in admin.php in Online Book Store 1.0 allows remote malicious users to execute arbitrary SQL commands and bypass authentication.
Online Book Store Project Online Book Store 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »