Vulmon
blackhawk vulnerabilities and exploits
7.5
CVSSv2
CVE-2008-0350
admin/index.php in Evilsentinel 1.0.9 and previous versions sends a redirect to the web browser but does not exit, which allows remote malicious users to gain administrative privileges and make arbitrary configuration changes.
Evilsentinel Evilsentinel
1 EDB exploit
6.5
CVSSv2
CVE-2009-1230
Static code injection vulnerability in index.php in Podcast Generator 1.1 and previous versions allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
Podcast Generator Podcast Generator 0.96.2
Podcast Generator Podcast Generator 1.0
Podcast Generator Podcast Generator 1.0 Beta4a
Podcast Generator Podcast Generator 0.6
Podcast Generator Podcast Generator 0.95
Podcast Generator Podcast Generator 1.0 Beta4
Podcast Generator Podcast Generator 0.96
Podcast Generator Podcast Generator 0.9
Podcast Generator Podcast Generator 0.81
Podcast Generator Podcast Generator 1.0 Beta
Podcast Generator Podcast Generator 0.92
Podcast Generator Podcast Generator 0.93
Podcast Generator Podcast Generator 1.0 Beta3
Podcast Generator Podcast Generator
Podcast Generator Podcast Generator 0.94
Podcast Generator Podcast Generator 1.0 Beta2
Podcast Generator Podcast Generator 0.91
Podcast Generator Podcast Generator 0.8
1 EDB exploit
6.8
CVSSv2
CVE-2007-2003
InoutMailingListManager 3.1 and previous versions sends a Location redirect header but does not exit after an authorization check fails, which allows remote malicious users to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redi...
Inoutmailinglistmanager Inoutmailinglistmanager
1 EDB exploit
7.5
CVSSv2
CVE-2007-2004
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.
Inoutmailinglistmanager Inoutmailinglistmanager
1 EDB exploit
7.5
CVSSv2
CVE-2007-2081
MyBlog 0.9.8 and previous versions allows remote malicious users to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.
Myblog Myblog
1 EDB exploit
7.5
CVSSv2
CVE-2007-3586
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and previous versions allow remote malicious users to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.ph...
Mycms Mycms
1 EDB exploit
6.5
CVSSv2
CVE-2006-6786
Open Newsletter 2.5 and previous versions allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
Open Newsletter Open Newsletter
Open Newsletter Open Newsletter 2.0
1 EDB exploit
6.8
CVSSv2
CVE-2006-7117
Multiple directory traversal vulnerabilities in Kubix 0.7 and previous versions allow remote malicious users to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2)...
Kubix Kubix
1 EDB exploit
7.5
CVSSv2
CVE-2006-7116
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and previous versions allows remote malicious users to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
Kubix Kubix
1 EDB exploit
10
CVSSv2
CVE-2007-2824
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and previous versions allows remote malicious users to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
Alstrasoft E-friends
1 EDB exploit