Vulmon
unauthorized vulnerabilities and exploits
NA
CVE-2007-5380
Session fixation vulnerability in Rails prior to 1.2.4, as used for Ruby on Rails, allows remote malicious users to hijack web sessions via unspecified vectors related to "URL-based sessions."
David Hansson Ruby On Rails
NA
CVE-2007-6077
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, wh...
Rubyonrails Rails 1.2.4
NA
CVE-2015-2208
The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote malicious users to execute arbitrary commands via shell metacharacters in the object parameter.
Avinu Phpmoadmin 1.1.2
1 EDB exploit
3 Github repositories
NA
CVE-2003-1488
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote malicious users to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
Truelogik Truegalerie 1.0
1 EDB exploit
NA
CVE-2006-2737
utilities/register.asp in Nukedit 4.9.6 and previous versions allows remote malicious users to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
Nukedit Nukedit
Nukedit Nukedit 4.9.2
Nukedit Nukedit 4.9.3
Nukedit Nukedit 4.9.0
Nukedit Nukedit 4.9.1
1 EDB exploit
NA
CVE-2006-2771
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote malicious users to delete arbitrary posts via a modified delID parameter.
Hogstorps Hogstorp Guestbook 2.0
1 EDB exploit
NA
CVE-2005-1480
Directory traversal vulnerability in RaidenFTPD prior to 2.4.2241 allows remote malicious users to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.
Raiden Professional Servers Raidenftpd
1 EDB exploit
NA
CVE-2007-5817
dialog.php in CONTENTCustomizer 3.1mp and previous versions allows remote malicious users to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other att...
Contentcustomizer Contentcustomizer
1 EDB exploit
NA
CVE-2002-1830
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote malicious users to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters.
Openbb Openbb 1.0.0 Rc1
Openbb Openbb 1.0.0 Rc2
Openbb Openbb 1.0.0 Rc3
1 EDB exploit
NA
CVE-2006-4450
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote malicious users to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
Phpbb Group Phpbb 2.0.20
1 EDB exploit