Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
validation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1331
Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the s...
Tks Banking Solutions Eportfolio 1.0
1 EDB exploit
9.8
CVSSv3
CVE-2018-19971
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Jfrog Artifactory 6.5.9
NA
CVE-2005-4622
Directory traversal vulnerability in eFileGo 3.01 allows remote malicious users to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe.
Efilego Efilego 3.0.1
1 EDB exploit
NA
CVE-2010-4873
Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Webidsupport Webid 0.8.5
1 EDB exploit
NA
CVE-2005-0307
Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters.
Mercuryboard Mercuryboard 1.1
Mercuryboard Mercuryboard 1.1.1
1 EDB exploit
7.5
CVSSv3
CVE-2020-29043
An issue exists in BigBlueButton up to and including 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
Bigbluebutton Bigbluebutton
NA
CVE-2007-0759
Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote malicious users to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, whic...
Umberto Caldera Easymoblog 0.5.1
1 EDB exploit
NA
CVE-2006-0240
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote malicious users to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.
8pixel.net Simple Blog
1 EDB exploit
NA
CVE-2006-0345
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote malicious users to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058.
Saral Kaushik Saralblog 1.0
1 EDB exploit
NA
CVE-2006-0479
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote malicious users to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] v...
Pmwiki Pmwiki 2.1 Beta 20
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »