Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

jesper jurcenoks vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2007-3653
Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.
Fascript Faname 1.0
NA
CVE-2007-4874
Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote malicious users to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php.
Boesch-it Simpnews 2.41.03
NA
CVE-2007-0694
Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote malicious users to inject arbitrary web script or HTML via the copyright parameter.
Dian Gemilang Dgnews 2.1
NA
CVE-2007-3183
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.
Vincent Hor Calendarix 0.7.2007-03-07
NA
CVE-2007-3182
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote malicious users to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal...
Vincent Hor Calendarix 0.7.2007-03-07
NA
CVE-2007-3127
content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.
Ibm Websphere Portal 1.0
NA
CVE-2008-3080
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote malicious users to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
Mywebland Mybloggie 2.1.6
NA
CVE-2007-0605
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote malicious users to inject arbitrary web script or HTML via the picture parameter.
Advanced Guestbook Advanced Guestbook 2.4.2
NA
CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote malicious users to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
Jetbox Jetbox Cms 2.1
NA
CVE-2007-1899
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote malicious users to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via ...
Mywebland Mybloggie 2.1.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook