Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
the g0bl!n vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2080
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote malicious users to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
Mrcgiguy The Ticket System 2.0
1 EDB exploit
NA
CVE-2009-2639
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter in a viewticket action.
Mrcgiguy The Ticket System 2.0
1 EDB exploit
NA
CVE-2009-1813
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote malicious users to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
Submitterscript Submitterscript 2
1 EDB exploit
NA
CVE-2009-2550
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote malicious users to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
Ondanera Hamster Audio Player 0.3a
2 EDB exploits
NA
CVE-2009-3367
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote malicious users to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this informati...
Plohni An Image Gallery 1.0
1 EDB exploit
NA
CVE-2009-4669
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote malicious users to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbi...
Beaussier Roomphplanning 1.6
1 EDB exploit
NA
CVE-2009-4671
Login.php in RoomPHPlanning 1.6 allows remote malicious users to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.
Beaussier Roomphplanning 1.6
1 EDB exploit
NA
CVE-2009-4200
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
Vollmar Com Seminar 1.28
1 EDB exploit
NA
CVE-2009-4670
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote malicious users to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
Beaussier Roomphplanning 1.6
1 EDB exploit
NA
CVE-2009-1816
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote malicious users to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
Mygamescript My Game Script 2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »