Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webapp vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2005-0927
Unknown vulnerability in subs.pl for WebAPP 0.9.9 up to and including 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
Web-app.org Webapp 0.9.9
Web-app.org Webapp 0.9.9.2
Web-app.org Webapp 0.9.9.1
9
CVSSv2
CVE-2019-14768
An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM prior to 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges.
Dimo-crm Yellowbox Crm
9
CVSSv2
CVE-2018-6186
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Citrix Netscaler 12.0
9
CVSSv2
CVE-2013-3576
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
Hp System Management Homepage
1 EDB exploit
7.5
CVSSv2
CVE-2022-22845
QXIP SIPCAPTURE homer-app prior to 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
Qxip Homer Webapp
2 Github repositories
7.5
CVSSv2
CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote malicious users to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php.
Saet Tebe Small Firmware 05.01
Saet Webapp 04.68
7.5
CVSSv2
CVE-2018-19971
JFrog Artifactory Pro 6.5.9 has Incorrect Access Control.
Jfrog Artifactory 6.5.9
7.5
CVSSv2
CVE-2017-7997
Multiple SQL injection vulnerabilities in Gespage prior to 7.4.9 allow remote malicious users to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
Gespage Gespage
1 EDB exploit
7.5
CVSSv2
CVE-2017-1002001
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
Mobile-app-builder-by-wappress Project Mobile-app-builder-by-wappress 1.05
1 EDB exploit
7.5
CVSSv2
CVE-2017-1002002
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
Webapp-builder Project Webapp-builder 2.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »