Vulmon
Recent Vulnerabilities
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
high-tech bridge sa vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-6788
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack....
7.5
CVSSv2
CVE-2014-4170
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information....
1 EDB exploit available
4.3
CVSSv2
CVE-2015-3421
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted...
7.5
CVSSv2
CVE-2012-2227
Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter....
1 EDB exploit available
7.5
CVSSv2
CVE-2011-5313
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program....
1 EDB exploit available
4.3
CVSSv2
CVE-2013-1420
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to...
4.3
CVSSv2
CVE-2012-2452
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_popup.php....
2 EDB exploits available
4.3
CVSSv2
CVE-2012-1001
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php....
2 EDB exploits available
7.5
CVSSv2
CVE-2011-1047
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by...
1 EDB exploit available
NA
CVE-2013-2649
Hero Framework CVE-2013-2649 Multiple Cross-Site Scripting Vulnerabilities...
2 EDB exploits available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-26116
file inclusion
CVE-2020-25140
CVE-2020-15210
CVE-2020-15373
CVE-2020-25146
CVE-2020-17382
cpanel
validation
NULL pointer dereference
1
2
3
4
5
NEXT »
Vulmon