Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ravenphpscripts ravennuke 2.30 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-0674
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote malicious users to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the err...
Ravenphpscripts Ravennuke 2.30
1 EDB exploit
NA
CVE-2009-0678
images/captcha.php in RavenNuke 2.30 allows remote malicious users to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.
Ravenphpscripts Ravennuke 2.30
1 EDB exploit
NA
CVE-2009-0672
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
Ravenphpscripts Ravennuke 2.30
1 EDB exploit
NA
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
Ravenphpscripts Ravennuke 2.30
1 EDB exploit
NA
CVE-2009-0677
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with...
Ravenphpscripts Ravennuke 2.30
1 EDB exploit
NA
CVE-2009-0679
Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ravenphpscripts Ravennuke 2.30
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started