Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
farhadkey vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-2887
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.
Aspburst Mynewsletter 1.1.2
2 EDB exploits
NA
CVE-2006-1377
Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote malicious users to inject arbitrary web script or HTML via the i parameter.
Comoblog Project Comoblog 1.1
Easymoblog Easymoblog 0.5.1
2 EDB exploits
NA
CVE-2006-2636
newsadmin.asp in Katy Whitton NewsCMSLite allows remote malicious users to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".
Katy Whitton Newscmslite
1 EDB exploit
NA
CVE-2009-0300
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2636. Reason: This candidate is a duplicate of CVE-2006-2636. Notes: All CVE users should reference CVE-2006-2636 instead of this candidate. All references and descriptions in this candidate have been removed...
1 EDB exploit
NA
CVE-2006-3772
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote malicious users to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
Php-post Php-post 0.21
Php-post Php-post 1.0
1 EDB exploit
NA
CVE-2006-2861
SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the version parameter.
Particle Soft Particle Wiki 1.0.2
1 EDB exploit
NA
CVE-2006-2737
utilities/register.asp in Nukedit 4.9.6 and previous versions allows remote malicious users to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
Nukedit Nukedit
Nukedit Nukedit 4.9.2
Nukedit Nukedit 4.9.3
Nukedit Nukedit 4.9.0
Nukedit Nukedit 4.9.1
1 EDB exploit
NA
CVE-2006-2541
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote malicious users to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.
John Andersson Zixforum 1.12
1 EDB exploit
NA
CVE-2006-4524
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote malicious users to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
Digiappz Freekot
Digiappz Freekot 1.01
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started