Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
javier olmedo vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2018-18923
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
Abisoftgt Ticketly 1.0
1 EDB exploit
355
VMScore
CVE-2018-13832
Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote malicious users to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.
Techotronic All In One Favicon
1 EDB exploit
555
VMScore
CVE-2018-15918
An issue exists in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate.
Jorani Project Jorani 0.6.5
1 EDB exploit
355
VMScore
CVE-2018-15917
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote malicious users to inject arbitrary web script or HTML via the language parameter to session/language.
Jorani Project Jorani 0.6.5
1 EDB exploit
355
VMScore
CVE-2020-9038
Joplin up to and including 1.0.184 allows Arbitrary File Read via XSS.
Joplin Project Joplin
1 EDB exploit
1 Github repository
435
VMScore
CVE-2019-7400
Rukovoditel prior to 2.4.1 allows XSS.
Rukovoditel Rukovoditel
1 EDB exploit
605
VMScore
CVE-2019-15092
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the user_url, display_name, first_name, and last_name columns in an exported CSV file created by the WF_CustomerImpExpCsv_Exporter class.
Webtoffee Import Export Wordpress Users
1 EDB exploit
383
VMScore
CVE-2018-19828
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
Artica Integria Ims 5.0.83
516
VMScore
CVE-2018-19829
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
Artica Integria Ims 5.0.83
445
VMScore
CVE-2018-18922
add_user in AbiSoft Ticketly 1.0 allows remote malicious users to create administrator accounts via an action/add_user.php POST request.
Abisoftgt Ticketly 1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »