Vulmon
dragonfly dragonfly vulnerabilities and exploits
755
VMScore
CVE-2006-0644
Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote malicious users to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter...
Cpg-nuke Dragonfly Cms 9.0.6.1
1 EDB exploit
668
VMScore
CVE-2013-1756
The Dragonfly gem 0.7 prior to 0.8.6 and 0.9.x prior to 0.9.13 for Ruby, when used with Ruby on Rails, allows remote malicious users to execute arbitrary code via a crafted request.
Mark Evans Dragonfly Gem 0.7.0
Mark Evans Dragonfly Gem 0.7.1
Mark Evans Dragonfly Gem 0.7.2
Mark Evans Dragonfly Gem 0.7.3
Mark Evans Dragonfly Gem 0.7.4
Mark Evans Dragonfly Gem 0.7.5
Mark Evans Dragonfly Gem 0.7.6
Mark Evans Dragonfly Gem 0.7.7
Mark Evans Dragonfly Gem 0.8.0
Mark Evans Dragonfly Gem 0.8.1
Mark Evans Dragonfly Gem 0.8.2
Mark Evans Dragonfly Gem 0.8.4
Mark Evans Dragonfly Gem 0.8.5
Mark Evans Dragonfly Gem 0.9.0
Mark Evans Dragonfly Gem 0.9.1
Mark Evans Dragonfly Gem 0.9.2
Mark Evans Dragonfly Gem 0.9.3
Mark Evans Dragonfly Gem 0.9.4
Mark Evans Dragonfly Gem 0.9.5
Mark Evans Dragonfly Gem 0.9.6
Mark Evans Dragonfly Gem 0.9.7
Mark Evans Dragonfly Gem 0.9.8
668
VMScore
CVE-2013-5671
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote malicious users to execute arbitrary commands via unspecified vectors.
Mark Evans Fog-dragonfly 0.8.2
668
VMScore
CVE-2006-0727
SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote malicious users to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain quer...
Musox Df Msanalysis 1.0.1
668
VMScore
CVE-2005-2221
Multiple SQL injection vulnerabilities in Dragonfly Commerce allow remote malicious users to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp,...
Incredible Interactive Dragonfly Commerce
606
VMScore
CVE-2021-33564
An argument injection vulnerability in the Dragonfly gem prior to 1.4.0 for Ruby allows remote malicious users to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate a...
Dragonfly Project Dragonfly
2 Github repositories
605
VMScore
CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow a malicious user to complete EAP-PWD authentication without knowing the password. However, unless the cr...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
605
VMScore
CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete au...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
605
VMScore
CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of th...
W1.fi Hostapd
W1.fi Wpa Supplicant
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Debian Debian Linux 8.0
Synology Router Manager 1.2
Synology Radius Server 3.0
Freebsd Freebsd 11.2
Freebsd Freebsd 12.0
Freebsd Freebsd
605
VMScore
CVE-2006-4162
Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the search field.
Cpg-nuke Dragonfly Cms 9.0.4.0
Cpg-nuke Dragonfly Cms 9.0.5.0
Cpg-nuke Dragonfly Cms 9.0.2.0
Cpg-nuke Dragonfly Cms 9.0.3.0
Cpg-nuke Dragonfly Cms 9.0.1.1
Cpg-nuke Dragonfly Cms 9.0.6.0
Cpg-nuke Dragonfly Cms 9.0.6.1