ush vulnerabilities and exploits
NA
CVE-2009-1776
Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote malicious users to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.
Matt Wright Formmail
1 EDB exploit
NA
CVE-2009-3247
Cross-site scripting (XSS) vulnerability in the Activities module in vtiger CRM 5.0.4 allows remote malicious users to inject arbitrary web script or HTML via the action parameter to phprint.php. NOTE: the query_string vector is already covered by CVE-2008-3101.3.
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
NA
CVE-2009-3248
Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote malicious users to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
NA
CVE-2009-3250
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Serve...
Vtiger Vtiger Crm 5.0.4
1 EDB exploit
NA
CVE-2009-2146
Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) prior to 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the ...
Sugarcrm Sugarcrm 5.0.0
Sugarcrm Sugarcrm 5.1c
Sugarcrm Sugarcrm 5.1.0
Sugarcrm Sugarcrm
Sugarcrm Sugarcrm 5.2d
Sugarcrm Sugarcrm 5.1.0-beta
Sugarcrm Sugarcrm 5.2c
Sugarcrm Sugarcrm 5.0.0k
Sugarcrm Sugarcrm 5.0.0h
1 EDB exploit
NA
CVE-2008-3331
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis prior to 1.1.2 allows remote malicious users to inject arbitrary web script or HTML via the filter_target parameter.
Mantis Mantis 0.10.2
Mantis Mantis 0.10
Mantis Mantis 0.12.0
Mantis Mantis 0.14.7
Mantis Mantis 1.0.6
Mantis Mantis 0.19
Mantis Mantis 0.18.2
Mantis Mantis 0.18.0
Mantis Mantis 1.0.2
Mantis Mantis 0.15.12
Mantis Mantis 0.18.0a2
Mantis Mantis 0.18.0a4
Mantis Mantis 0.15.3
Mantis Mantis 0.18
Mantis Mantis 0.15.0
Mantis Mantis 1.0.4
Mantis Mantis 1.0.0 Rc3
Mantis Mantis 0.15.9
Mantis Mantis 0.14.2
Mantis Mantis 0.9.1
Mantis Mantis 0.13
Mantis Mantis 0.10.1
1 EDB exploit
NA
CVE-2008-6946
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote malicious users to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to ...
Collabtive Collabtive 0.4.8
1 EDB exploit
NA
CVE-2008-6947
Collabtive 0.4.8 allows remote malicious users to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
Collabtive Collabtive 0.4.8
1 EDB exploit
NA
CVE-2008-6948
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) t...
Collabtive Collabtive 0.4.8
1 EDB exploit
NA
CVE-2008-6949
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote malicious users to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unk...
Collabtive Collabtive 0.4.8
1 EDB exploit