Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qabandi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-1742
code.php in PC4Arb Pc4 Uploader 9.0 and previous versions makes it easier for remote malicious users to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON"...
Pc4arb Pc4 Uploader
1 EDB exploit
6.8
CVSSv2
CVE-2009-2132
Directory traversal vulnerability in global.php in 4images prior to 1.7.7, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the l parameter.
4homepages 4images 1.6
4homepages 4images 1.5
4homepages 4images 1.7
4homepages 4images 1.7.3
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images 1.0
4homepages 4images
4homepages 4images 1.7.1
4homepages 4images 1.7.2
4homepages 4images 1.6.1
1 EDB exploit
6.8
CVSSv2
CVE-2009-2167
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Egyplus 7ammel
1 EDB exploit
7.8
CVSSv2
CVE-2009-2922
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 up to and including 2.3.5 allows remote malicious users to read arbitrary files via a base64-encoded file parameter.
Pixaria Pixaria Gallery 2.3.5
Pixaria Pixaria Gallery 2.0.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-4734
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Movies Library 2.7.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-4673
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Mole-group Adult Portal Script -
1 EDB exploit
7.5
CVSSv2
CVE-2008-4622
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote malicious users to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
Phpfastnews Phpfastnews 1.0.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-3430
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Mobile 2.5
1 EDB exploit
3.5
CVSSv2
CVE-2009-2131
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and previous versions allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
4homepages 4images 1.7.1
4homepages 4images 1.7
4homepages 4images 1.6.1
4homepages 4images 1.5
4homepages 4images 1.7.3
4homepages 4images 1.7.6
4homepages 4images 1.0
4homepages 4images 1.7.2
4homepages 4images 1.6
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images
1 EDB exploit
5
CVSSv2
CVE-2009-2180
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and previous versions allow remote malicious users to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
Pc4arb Pc4 Uploader 10.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »