Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lionturk vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-0976
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote malicious users to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final instal...
Acidcat Acidcat Cms 3.5.1
Acidcat Acidcat Cms 3.5.0
Acidcat Acidcat Cms 3.5.3
Acidcat Acidcat Cms 3.5.2
1 EDB exploit
NA
CVE-2010-0978
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for db/db.mdb.
Kmsoft Guestbook 1.0
1 EDB exploit
NA
CVE-2010-0984
Acidcat CMS 3.5.3 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
Acidcat Acidcat Cms 3.4.0
Acidcat Acidcat Cms
Acidcat Acidcat Cms 2.1.13
Acidcat Acidcat Cms 2.1.12
Acidcat Acidcat Cms 3.5.2
Acidcat Acidcat Cms 3.5.1
Acidcat Acidcat Cms 3.5.0
Acidcat Acidcat Cms 2.1.11
Acidcat Acidcat Cms 3.3.5
Acidcat Acidcat Cms 3.4.2
Acidcat Acidcat Cms 3.4.1
1 EDB exploit
NA
CVE-2010-1064
Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for db/ajxgaleri.mdb.
Aspindir Erolife Ajxgaleri Vt
1 EDB exploit
NA
CVE-2007-3061
Cactushop 6 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.
Cactusoft Cactushop
1 EDB exploit
NA
CVE-2010-0375
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote malicious users to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
Jce-tech Php Calendars Script
1 EDB exploit
NA
CVE-2010-0376
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote malicious users to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that...
Jce-tech Php Calendars Script
1 EDB exploit
NA
CVE-2010-0380
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote malicious users to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the ...
Jce-tech Php Calendars Script
1 EDB exploit
NA
CVE-2009-4820
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for veribaze/angelo.mdb.
Aspindir Angelo-emlak 1.0
1 EDB exploit
NA
CVE-2009-4825
8pixel.net Blog 4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for App_Data/sb.mdb.
8pixel Simple Blog 4.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »