Vulmon
notices vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-38328
The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 6.1.
Notices Project Notices
4.8
CVSSv3
CVE-2021-39344
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to ...
Kajoom Kjm Admin Notices
8.8
CVSSv3
CVE-2023-41672
Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions.
Remileclercq Hide Admin Notices - Admin Notification Center Plugin
4.3
CVSSv3
CVE-2019-19666
A CSRF vulnerability exists in the Event Notices Settings of Web File Manager in Rumpus FTP 8.2.9.1. An attacker can create/update event notices via RAPR/EventNoticesSet.html.
Maxum Rumpus Ftp 8.2.9.1
NA
CVE-2012-4254
MySQLDumper 1.24.4 allows remote malicious users to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
Mysqldumper Mysqldumper 1.24.4
1 EDB exploit
6.1
CVSSv3
CVE-2023-1891
The Accordion & FAQ WordPress plugin prior to 1.9.9 does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting.
Helpiewp Accordion & Faq
NA
CVE-2001-0823
The pmpost program in Performance Co-Pilot (PCP) prior to 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
Sgi Performance Co-pilot 2.1.11
Sgi Performance Co-pilot 2.1.2
Sgi Performance Co-pilot 2.1.9
Sgi Performance Co-pilot 2.2
Sgi Performance Co-pilot 2.1.3
Sgi Performance Co-pilot 2.1.4
Sgi Performance Co-pilot 2.1.5
Sgi Performance Co-pilot 2.1.6
Sgi Performance Co-pilot 2.1.1
Sgi Performance Co-pilot 2.1.10
Sgi Performance Co-pilot 2.1.7
Sgi Performance Co-pilot 2.1.8
1 EDB exploit
NA
CVE-2014-1994
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x prior to 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Cybozu Garoon 2.1.2
Cybozu Garoon 2.5.0
Cybozu Garoon 3.0.2
Cybozu Garoon 3.1.0
Cybozu Garoon 3.5.3
Cybozu Garoon 3.5.5
Cybozu Garoon 2.0.0
Cybozu Garoon 2.1.0
Cybozu Garoon 2.1.1
Cybozu Garoon 3.1.1
Cybozu Garoon 3.1.2
Cybozu Garoon 3.1.3
Cybozu Garoon 3.5.0
Cybozu Garoon 3.5.1
Cybozu Garoon 2.5.2
Cybozu Garoon 2.5.3
Cybozu Garoon 2.5.4
Cybozu Garoon 3.0.0
Cybozu Garoon 3.7
Cybozu Garoon 2.1.3
Cybozu Garoon 2.5.1
Cybozu Garoon 3.0.1
5.3
CVSSv3
CVE-2023-28318
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.
Rocket.chat Rocket.chat -
8.8
CVSSv3
CVE-2017-3835
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).
Cisco Identity Services Engine Software 1.4(0.908)