Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rafael pedrero vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-18619
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote malicious users to execute the sqli attack via a URL ...
Advanced Comment System Project Advanced Comment System 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
Microstrategy Microstrategy Web 7
1 EDB exploit
4
CVSSv2
CVE-2018-18777
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a path...
Microstrategy Microstrategy Web 7
1 EDB exploit
4.3
CVSSv2
CVE-2018-18776
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product.
Microstrategy Microstrategy Web 7
1 EDB exploit
4
CVSSv2
CVE-2019-8925
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityMan...
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2019-8927
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Typ...
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
7.5
CVSSv2
CVE-2019-9083
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
Sqlitemanager Sqlitemanager 1.24
Sqlitemanager Sqlitemanager 1.20
1 EDB exploit
4.3
CVSSv2
CVE-2019-8924
XAMPP up to and including 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
Apachefriends Xampp
1 EDB exploit
4.3
CVSSv2
CVE-2019-8926
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
4.3
CVSSv2
CVE-2019-8928
An issue exists in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
Zohocorp Manageengine Netflow Analyzer 7.0.0.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »