Vulmon
bugreport.ir vulnerabilities and exploits
5
CVSSv2
CVE-2008-0466
Web Wiz RTE_file_browser.asp, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote malicious users to list directories and read files. NOTE: this can be leveraged for listings outside the c...
Webwiz Web Wiz Forums 9.07
Webwiz Web Wiz Newspad 1.02
Webwiz Web Wiz Rich Text Editor 4.0
2 EDB exploits
7.5
CVSSv2
CVE-2008-1908
Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) the language parameter in a language action to the default URI, which is not properly handled in actions/language.a...
Cpcommerce Cpcommerce 1.1.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-1992
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote malicious users to bypass restrictions and relay email messages with modified From, FromName, and To fields.
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
4.3
CVSSv2
CVE-2008-2022
Multiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requ...
Pd9 Software Megabbs 2.2
1 EDB exploit
6.8
CVSSv2
CVE-2007-6079
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using ...
Bcoos Bcoos 1.0.10
1 EDB exploit
7.5
CVSSv2
CVE-2008-7209
Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote malicious users to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing ...
Insane Visions Onecms
1 EDB exploit
7.5
CVSSv2
CVE-2008-4364
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote malicious users to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
Parsagostar Parsaweb Cms
1 EDB exploit
7.8
CVSSv2
CVE-2008-0427
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Bloo Bloofoxcms 0.3
1 EDB exploit
5
CVSSv2
CVE-2008-0479
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
Web Wiz Newspad 1.02
1 EDB exploit
5
CVSSv2
CVE-2008-0480
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and previous versions allow remote malicious users to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
Web Wiz Web Wiz Forums
1 EDB exploit