Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netvigilance.com vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0607
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote malicious users to obtain application path information via a direct request.
W-agora W-agora 4.2.1
NA
CVE-2007-3129
Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote malicious users to inject arbitrary web script or HTML via the password parameter.
Utopia Software Utopia News Pro
NA
CVE-2007-3652
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
Fascript Faname 1.0
NA
CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Ibm Websphere Portal 1.0
NA
CVE-2007-4873
SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
Simplenews Simplenews 2.41.03
NA
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote malicious users to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extensio...
Advanced Guestbook Advanced Guestbook 2.4.2
1 EDB exploit
NA
CVE-2007-4863
SQL injection vulnerability in example.php in SAXON 5.4 allows remote malicious users to execute arbitrary SQL commands via the template parameter.
Quirm Saxon 5.4
1 EDB exploit
NA
CVE-2007-4862
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote malicious users to inject arbitrary web script or HTML via the config[news_url] parameter.
Quirm Saxon 5.4
1 EDB exploit
NA
CVE-2007-1903
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote malicious users to inject arbitrary web script or HTML via the part parameter.
Sonicbb Sonicbb 1.0
1 EDB exploit
NA
CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote malicious users to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
Jetbox Jetbox Cms 2.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »