Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ssrf vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1647
Multiple CRLF injection vulnerabilities in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
NA
CVE-2013-1649
Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent malicious users to obtain cleartext passwords via a brute-force attack.
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
NA
CVE-2013-1650
Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.0
1 EDB exploit
8.8
CVSSv3
CVE-2015-8379
CakePHP 2.x and 3.x prior to 3.1.5 might allow remote malicious users to bypass the CSRF protection mechanism via the _method parameter.
Cakephp Cakephp 3.1.1
Cakephp Cakephp 3.1.0
Cakephp Cakephp 3.0.11
Cakephp Cakephp 3.0.10
Cakephp Cakephp 3.0.3
Cakephp Cakephp 3.0.2
Cakephp Cakephp 3.0.0
Cakephp Cakephp 2.7.7
Cakephp Cakephp 2.7.6
Cakephp Cakephp 2.7.0
Cakephp Cakephp 2.6.12
Cakephp Cakephp 2.6.5
Cakephp Cakephp 2.6.4
Cakephp Cakephp 2.5.8
Cakephp Cakephp 2.5.7
Cakephp Cakephp 2.5.0
Cakephp Cakephp 2.4.6
Cakephp Cakephp 2.4.5
Cakephp Cakephp 2.4.4
Cakephp Cakephp 2.4.0
Cakephp Cakephp 2.3.10
Cakephp Cakephp 2.3.3
5.3
CVSSv3
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5.3
CVSSv3
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
8.8
CVSSv3
CVE-2015-7569
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
Yeager Yeager Cms 1.2.1
1 EDB exploit
NA
CVE-2015-7572
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0237. Reason: This candidate is a duplicate of CVE-2013-0237. Notes: All CVE users should reference CVE-2013-0237 instead of this candidate. All references and descriptions in this candidate have been removed...
1 EDB exploit
9.8
CVSSv3
CVE-2015-7567
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote malicious users to execute arbitrary SQL commands via the "passwordreset&token" parameter.
Yeager Yeager Cms 1.2.1
1 EDB exploit
9.8
CVSSv3
CVE-2015-7568
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote malicious users to change the account credentials of known users via the "userEmail" parameter.
Yeager Yeager Cms 1.2.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »