Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
runcms runcms 1.1 vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2006-0659
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and previous versions, with register_globals and allow_url_fopen enabled, allow remote malicious users to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php...
Runcms Runcms 1.1a
Runcms Runcms 1.1
Runcms Runcms
1 EDB exploit
765
VMScore
CVE-2006-1793
Directory traversal vulnerability in runCMS 1.2 and previous versions allows remote malicious users to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
Runcms Runcms 1.1
Runcms Runcms 1.1a
Runcms Runcms
1 EDB exploit
668
VMScore
CVE-2005-2691
includes/common.php in RunCMS 1.2 and previous versions calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote malicious users to overwrite arbitrary variables, possibly allowing execution of arbitrary code.
Runcms Runcms 1.1
Runcms Runcms 1.1a
Runcms Runcms 1.2
668
VMScore
CVE-2005-2692
Multiple SQL injection vulnerabilities in RunCMS 1.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply...
Runcms Runcms 1.1a
Runcms Runcms 1.1
Runcms Runcms 1.2
505
VMScore
CVE-2006-0875
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote malicious users to inject arbitrary web script or HTML via the lid parameter.
Runcms Runcms 1.3a
Runcms Runcms 1.3a2
Runcms Runcms 1.3a5
Runcms Runcms 1.1
Runcms Runcms 1.1a
Runcms Runcms 1.2
1 EDB exploit
435
VMScore
CVE-2006-1216
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Runcms Runcms 1.1
Runcms Runcms 1.2
Runcms Runcms 1.1a
Runcms Runcms 1.3a
Runcms Runcms 1.3a2
Runcms Runcms 1.3a5
1 EDB exploit
445
VMScore
CVE-2005-1031
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote malicious users to upload arbitrary files.
E-xoops E-xoops 1.05r3
Runcms Runcms 1.1
Runcms Runcms 1.1a
505
VMScore
CVE-2005-0828
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote malicious users to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database co...
Runcms Runcms 1.1a
E-xoops E-xoops 1.05r3
Ciamos Ciamos 0.9.2 Rc1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started