Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
validation vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-22955
An issue exists on AudioCodes VoIP desk phones up to and including 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher ...
Audiocodes C470hd Firmware
Audiocodes C455hd Firmware
Audiocodes C435hd Firmware
Audiocodes 445hd Firmware
Audiocodes 405hd Firmware
Audiocodes C450hd Firmware
NA
CVE-2002-0948
Scripts For Educators MakeBook 2.2 CGI program allows remote malicious users to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.
Scripts For Educators Makebook 2.2
1 EDB exploit
7.4
CVSSv3
CVE-2019-1659
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote malicious user to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and PI. T...
Cisco Prime Infrastructure
NA
CVE-2006-0135
SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote malicious users to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).
Thewebforum Thewebforum
1 EDB exploit
5.7
CVSSv3
CVE-2018-3815
The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated malicious user to ...
Stalker Communigate Pro 6.2
NA
CVE-2009-3803
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the status_message parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the status_message...
Amirocms Amiro.cms
Amirocms Amiro.cms 5.2.3
Amirocms Amiro.cms 4.2.2.0
Amirocms Amiro.cms 4.2.1.0
Amirocms Amiro.cms 5.0.7
Amirocms Amiro.cms 4.2.5
Amirocms Amiro.cms 4.2.4
Amirocms Amiro.cms 4.2.3.0
Amirocms Amiro.cms 5.2.2
Amirocms Amiro.cms 5.2
Amirocms Amiro.cms 4.2.0.5
Amirocms Amiro.cms 4.0.8.0
1 EDB exploit
NA
CVE-2004-1537
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 up to and including 1.6.1 allows remote malicious users to execute arbitrary web script via the img parameter.
Phpkit Phpkit 1.6.02
Phpkit Phpkit 1.6.03
Phpkit Phpkit 1.6.1
1 EDB exploit
NA
CVE-2006-0479
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote malicious users to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] v...
Pmwiki Pmwiki 2.1 Beta 20
1 EDB exploit
7.5
CVSSv3
CVE-2020-29043
An issue exists in BigBlueButton up to and including 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
Bigbluebutton Bigbluebutton
NA
CVE-2006-0240
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote malicious users to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.
8pixel.net Simple Blog
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »