Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sirgod vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3593
Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Syzygycms Syzygycms 0.3
1 EDB exploit
NA
CVE-2008-6726
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-34...
Cmscout Cmscout 2.06
1 EDB exploit
NA
CVE-2008-7056
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote malicious users to obtain copies of the database via a direct request.
Grayscalecms Bandsite Cms 1.1.4
1 EDB exploit
NA
CVE-2008-7057
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote malicious users to inject arbitrary HTML or web script via the type parameter.
Grayscalecms Bandsite Cms 1.1.4
1 EDB exploit
NA
CVE-2008-7058
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote malicious users to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
Grayscalecms Bandsite Cms 1.1.4
1 EDB exploit
NA
CVE-2009-3148
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.
Portalxp Portalxp 1.2
1 EDB exploit
NA
CVE-2009-3158
admin/files.php in simplePHPWeb 0.2 does not require authentication, which allows remote malicious users to perform unspecified administrative actions via unknown vectors. NOTE: some of these details are obtained from third party information.
Carsten Wulff Simplephpweb 0.2
1 EDB exploit
NA
CVE-2009-3217
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote malicious users to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.
Wiccle Iwiccle 1.01
1 EDB exploit
9.8
CVSSv3
CVE-2009-3421
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote malicious users to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Zenas Pao-bacheca Guestbook 2.1
1 EDB exploit
NA
CVE-2009-3422
login.php in Zenas PaoLiber 1.1, when register_globals is enabled, allows remote malicious users to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Zenas Paoliber 1.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »