Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
10
CVSSv2
CVE-2004-0621
admin.php in Newsletter ZWS allows remote malicious users to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
Zaireweb Solutions Newsletter Zws
1 EDB exploit
9.3
CVSSv2
CVE-2020-24433
Adobe Acrobat Reader DC versions 2020.012.20048 (and previous versions), 2020.001.30005 (and previous versions) and 2017.011.30175 (and previous versions) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delet...
Adobe Acrobat
Adobe Acrobat Dc
Adobe Acrobat Reader
Adobe Acrobat Reader Dc
7.5
CVSSv2
CVE-2022-31856
Newsletter Module v3.x exists to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
Newsletter Module Project Newsletter Module 3.0.2.0
7.5
CVSSv2
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter
7.5
CVSSv2
CVE-2015-9334
The email-newsletter plugin up to and including 20.15 for WordPress has SQL injection.
Email-newsletter Project Email-newsletter
7.5
CVSSv2
CVE-2018-18461
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote malicious users to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.7
7.5
CVSSv2
CVE-2010-1024
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Chris Wederka Tgm Newsletter 0.0.2
7.5
CVSSv2
CVE-2008-6861
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote malicious users to bypass authentication and gain administrative access by setting a cookie to a certain value.
Xigla Absolute Newsletter 6.1
Xigla Absolute Newsletter 6.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-6286
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote malicious users to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber....
Activewebsoftwares Active Newsletter 4.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »