Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
egix vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-1349
Eval injection vulnerability in ajax.php in openSIS 4.5 up to and including 5.2 allows remote malicious users to execute arbitrary PHP code via the modname parameter.
Os4ed Opensis 4.6
Os4ed Opensis 4.5
Os4ed Opensis 4.8.1
Os4ed Opensis 4.7
Os4ed Opensis 5.2
Os4ed Opensis 5.1
Os4ed Opensis 5.0
Os4ed Opensis 4.9
Os4ed Opensis 4.8
1 EDB exploit
5.8
CVSSv2
CVE-2018-2699
Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is before 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful ...
Oracle Application Express
6.5
CVSSv2
CVE-2021-3025
Invision Community IPS Community Suite prior to 4.5.4.2 allows SQL Injection via the Downloads REST API (the sortDir parameter in a sortBy=popular action to the GETindex() method in applications/downloads/api/files.php).
Invisioncommunity Ips Community Suite
NA
CVE-2023-47271
PKP-WAL (aka PKP Web Application Library or pkp-lib) prior to 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an iss...
Sfu Pkp Web Application Library
6.8
CVSSv2
CVE-2013-7387
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and previous versions allows remote malicious users to hijack web sessions via the PHPSESSID cookie.
Dleviet Datalife Engine
2 EDB exploits
5
CVSSv2
CVE-2005-0613
Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote malicious users to upload arbitrary files.
Fckeditor Fckeditor 2.0 Rc2
2 EDB exploits
6
CVSSv2
CVE-2014-8791
project/register.php in Tuleap prior to 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
Enalean Tuleap 7.6
1 EDB exploit
NA
CVE-2023-35808
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing ...
Sugarcrm Sugarcrm
NA
CVE-2023-35811
An issue exists in SugarCRM Enterprise prior to 11.0.6 and 12.x prior to 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privi...
Sugarcrm Sugarcrm
6.5
CVSSv2
CVE-2020-8801
SuiteCRM up to and including 7.11.11 allows PHAR Deserialization.
Salesagility Suitecrm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »