Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

the g0bl!n vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2009-2080
admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote malicious users to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
Mrcgiguy The Ticket System 2.0
NA
CVE-2009-2639
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter in a viewticket action.
Mrcgiguy The Ticket System 2.0
NA
CVE-2009-1813
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote malicious users to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
Submitterscript Submitterscript 2
NA
CVE-2009-2550
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote malicious users to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
Ondanera Hamster Audio Player 0.3a
NA
CVE-2009-3367
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote malicious users to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this informati...
Plohni An Image Gallery 1.0
NA
CVE-2009-4669
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote malicious users to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbi...
Beaussier Roomphplanning 1.6
NA
CVE-2009-4671
Login.php in RoomPHPlanning 1.6 allows remote malicious users to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.
Beaussier Roomphplanning 1.6
NA
CVE-2009-4200
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
Vollmar Com Seminar 1.28
NA
CVE-2009-4670
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote malicious users to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
Beaussier Roomphplanning 1.6
NA
CVE-2009-1816
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote malicious users to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
Mygamescript My Game Script 2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-35977CVE-2023-49335man-in-the-middleCVE-2024-4947CVE-2024-31714memory leakSQLCVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook