Vulmon
book vulnerabilities and exploits
668
VMScore
CVE-2006-4575
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote malicious users to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) n...
The Address Book The Address Book 1.04e
605
VMScore
CVE-2006-4576
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote malicious users to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
The Address Book The Address Book 1.04e
605
VMScore
CVE-2006-4577
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote malicious users to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (...
The Address Book The Address Book 1.04e
668
VMScore
CVE-2006-4578
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote malicious users to obtain sensitive information.
The Address Book The Address Book 1.04e
445
VMScore
CVE-2006-4579
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote malicious users to include arbitrary files via a .. (dot dot) in the language parameter.
The Address Book The Address Book 1.04e
445
VMScore
CVE-2006-4581
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote malicious users to upload arbitrary PHP scripts.
The Address Book The Address Book 1.04e
668
VMScore
CVE-2005-0284
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote malicious users to execute arbitrary SQL commands via the user-agent parameter.
Woltlab Burning Book 1.0 Gold
Woltlab Burning Book 1.1.1e
668
VMScore
CVE-2020-23763
SQL injection in admin.php in Online Book Store 1.0 allows remote malicious users to execute arbitrary SQL commands and bypass authentication.
Online Book Store Project Online Book Store 1.0
383
VMScore
CVE-2005-3037
Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote malicious users to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL.
Handy Address Book Handy Address Book Server 1.1
445
VMScore
CVE-2020-36003
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
Online Book Store Project Online Book Store 1.0