Vulmon
egix vulnerabilities and exploits
NA
CVE-2011-4449
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote malicious users to execute arbitrary PHP code by ...
Wikkawiki Wikkawiki 1.3.2
Wikkawiki Wikkawiki 1.3.1
2 EDB exploits
NA
CVE-2011-4453
The PageListSort function in scripts/pagelist.php in PmWiki 2.x prior to 2.2.35 allows remote malicious users to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
Pmwiki Pmwiki 2.0.9
Pmwiki Pmwiki 2.1.0
Pmwiki Pmwiki 2.1.1
Pmwiki Pmwiki 2.1.2
Pmwiki Pmwiki 2.1.16
Pmwiki Pmwiki 2.1.17
Pmwiki Pmwiki 2.1.18
Pmwiki Pmwiki 2.1.19
Pmwiki Pmwiki 2.2.0
Pmwiki Pmwiki 2.0.0
Pmwiki Pmwiki 2.0.10
Pmwiki Pmwiki 2.0.12
Pmwiki Pmwiki 2.0.5
Pmwiki Pmwiki 2.0.7
Pmwiki Pmwiki 2.1.4
Pmwiki Pmwiki 2.1.6
Pmwiki Pmwiki 2.1.13
Pmwiki Pmwiki 2.1.15
Pmwiki Pmwiki 2.1.20
Pmwiki Pmwiki 2.1.22
Pmwiki Pmwiki 2.2.1
Pmwiki Pmwiki 2.2.8
2 EDB exploits
9.8
CVSSv3
CVE-2012-0694
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote malicious users to execute arbitrary PHP code.
Sugarcrm Sugarcrm
2 EDB exploits
9.8
CVSSv3
CVE-2012-0911
TikiWiki CMS/Groupware prior to 6.7 LTS and prior to 8.4 allows remote malicious users to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.p...
Tiki Tikiwiki Cms/groupware
2 EDB exploits
9.8
CVSSv3
CVE-2019-17132
vBulletin up to and including 5.5.4 mishandles custom avatars.
Vbulletin Vbulletin
1 EDB exploit
NA
CVE-2011-4825
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager prior to 1.1, as used in tinymce prior to 1.4.2, phpMyFAQ 2.6 prior to 2.6.19 and 2.7 prior to 2.7.1, and possibly other products, allows remote malicious users to inject arbitrary PHP cod...
Phpletter Ajax File And Image Manager 1.0
Phpletter Ajax File And Image Manager 0.5.7
Phpletter Ajax File And Image Manager 0.5.5
Phpletter Ajax File And Image Manager 0.5
Phpletter Ajax File And Image Manager
Phpmyfaq Phpmyfaq 2.7.0
Phpmyfaq Phpmyfaq 2.6.10
Phpmyfaq Phpmyfaq 2.6.5
Phpmyfaq Phpmyfaq 2.6.4
Phpmyfaq Phpmyfaq 2.6.3
Phpletter Ajax File And Image Manager 0.9
Phpletter Ajax File And Image Manager 0.7.10
Phpletter Ajax File And Image Manager 0.6.12
Phpmyfaq Phpmyfaq 2.6.18
Phpmyfaq Phpmyfaq 2.6.16
Phpmyfaq Phpmyfaq 2.6.8
Phpmyfaq Phpmyfaq 2.6.6
Phpmyfaq Phpmyfaq 2.6.2
Phpmyfaq Phpmyfaq 2.6.0
Phpletter Ajax File And Image Manager 0.8.24
Phpletter Ajax File And Image Manager 0.8.9
Phpletter Ajax File And Image Manager 0.8.8
6 EDB exploits
5.3
CVSSv3
CVE-2021-26598
ImpressCMS prior to 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).
Impresscms Impresscms
9.8
CVSSv3
CVE-2021-26599
ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.
Impresscms Impresscms
NA
CVE-2014-7285
The management console on the Symantec Web Gateway (SWG) appliance prior to 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.
Symantec Web Gateway
1 EDB exploit
2 Github repositories
NA
CVE-2008-7153
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitr...
Docebo Docebo 3.0.4
Docebo Docebo 3.5 Beta
Docebo Docebo 3.0.3
Docebo Docebo 3.0.5
Docebo Docebo
2 EDB exploits