Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1646
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote malicious users to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbi...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.0
1 EDB exploit
NA
CVE-2013-1647
Multiple CRLF injection vulnerabilities in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
NA
CVE-2013-1648
The Subscriptions feature in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
NA
CVE-2013-1649
Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent malicious users to obtain cleartext passwords via a brute-force attack.
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
NA
CVE-2013-1650
Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.0
1 EDB exploit
NA
CVE-2013-1651
OXUpdater in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof update servers and install arbitrary software via a crafted certificat...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
NA
CVE-2012-0298
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x prior to 5.0.3 allow remote malicious users to (1) read or (2) delete arbitrary files via unspecified vectors.
Symantec Web Gateway 5.0
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.1
1 EDB exploit
NA
CVE-2013-3239
phpMyAdmin 3.5.x prior to 3.5.8 and 4.x prior to 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable f...
Phpmyadmin Phpmyadmin 3.5.7
Phpmyadmin Phpmyadmin 3.5.8
Phpmyadmin Phpmyadmin 3.5.2.1
Phpmyadmin Phpmyadmin 3.5.2.2
Phpmyadmin Phpmyadmin 3.5.1.0
Phpmyadmin Phpmyadmin 3.5.6
Phpmyadmin Phpmyadmin 3.5.0.0
Phpmyadmin Phpmyadmin 3.5.5
Phpmyadmin Phpmyadmin 4.0.0
Phpmyadmin Phpmyadmin 3.5.2.0
Phpmyadmin Phpmyadmin 3.5.3.0
Phpmyadmin Phpmyadmin 3.5.4
1 EDB exploit
NA
CVE-2013-3240
Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x prior to 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
Phpmyadmin Phpmyadmin 4.0.0
1 EDB exploit
NA
CVE-2013-3241
export.php (aka the export script) in phpMyAdmin 4.x prior to 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
Phpmyadmin Phpmyadmin 4.0.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »