Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-0621
admin.php in Newsletter ZWS allows remote malicious users to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
Zaireweb Solutions Newsletter Zws
1 EDB exploit
NA
CVE-2008-0683
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter.
Wordpress St Newsletter Plugin
1 EDB exploit
4.8
CVSSv3
CVE-2023-0543
The Arigato Autoresponder and Newsletter WordPress plugin prior to 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Kibokolabs Arigato Autoresponder And Newsletter
NA
CVE-2007-1696
SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the NewsPaperID parameter.
Active Web Softwares Active Newsletter
1 EDB exploit
4.8
CVSSv3
CVE-2018-1002005
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
Kibokolabs Arigato Autoresponder And Newsletter
1 EDB exploit
NA
CVE-2006-2608
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote malicious users to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefin...
Artmedic Webdesign Artmedic Newsletter 4.1
1 EDB exploit
NA
CVE-2006-2609
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote malicious users to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the ...
Artmedic Webdesign Artmedic Newsletter 4.1.2
4.8
CVSSv3
CVE-2018-1002006
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
Kibokolabs Arigato Autoresponder And Newsletter
1 EDB exploit
8.8
CVSSv3
CVE-2023-47686
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions.
Kibokolabs Arigato Autoresponder And Newsletter
5.4
CVSSv3
CVE-2023-45829
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender – Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions.
Happybox Newsletter \\& Bulk Email Sender
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »