Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mahendra vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-9126
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote malicious users to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the StudentDocument, StudentCategories, StudentPreviousDatas parameters to index.php.
Open-school Open-school 2.2
4
CVSSv2
CVE-2014-9127
Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the value export to index.php.
Open-school Open-school 2.2
5
CVSSv2
CVE-2014-9147
Fiyo CMS 2.0.1.8 allows remote malicious users to obtain sensitive information via a direct request to the database backup file in .backup/.
Fiyo Fiyo Cms
1 EDB exploit
7.5
CVSSv2
CVE-2014-9148
Fiyo CMS 2.0.1.8 allows remote malicious users to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
Fiyo Fiyo Cms
1 EDB exploit
7.5
CVSSv2
CVE-2014-9145
Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php...
Fiyo Fiyo Cms 2.0.1.8
1 EDB exploit
4.3
CVSSv2
CVE-2014-9146
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote malicious users to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.
Fiyo Fiyo Cms 2.0.1.8
1 EDB exploit
7.5
CVSSv2
CVE-2013-6041
index.php in Softaculous Webuzo prior to 2.1.4 allows remote malicious users to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.
Softaculous Webuzo
Softaculous Webuzo 2.1.1
Softaculous Webuzo 2.1.0
Softaculous Webuzo 2.1.2
1 EDB exploit
5
CVSSv2
CVE-2013-6043
The login function in Softaculous Webuzo prior to 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote malicious users to enumerate usernames via a series of requests.
Softaculous Webuzo
Softaculous Webuzo 2.1.1
Softaculous Webuzo 2.1.0
Softaculous Webuzo 2.1.2
1 EDB exploit
4.3
CVSSv2
CVE-2014-8071
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote malicious users to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5...
Openmrs Openmrs 2.1
6.8
CVSSv2
CVE-2014-8073
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote malicious users to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form.
Openmrs Openmrs 2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »