Vulmon
salvatore fresta vulnerabilities and exploits
4.3
CVSSv2
CVE-2010-4794
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote malicious users to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index...
Joomlaseller Com Jscalendar 1.5.1
Joomlaseller Com Jscalendar 1.5.4
1 EDB exploit
7.5
CVSSv2
CVE-2010-4795
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third part...
Joomlaseller Com Jscalendar 1.5.1
Joomlaseller Com Jscalendar 1.5.4
1 EDB exploit
7.5
CVSSv2
CVE-2010-4865
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
Harmistechnology Com Jeguestbook 1.0
1 EDB exploit
6.8
CVSSv2
CVE-2010-4143
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpcheckz Phpcheckz 1.1.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-4719
SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote malicious users to execute arbitrary SQL commands via the more parameter.
Bob Jewell Discloser 0.0.4
1 EDB exploit
7.5
CVSSv2
CVE-2009-4791
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) prior to 1.8.2 allow remote malicious users to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id ...
Ryan Haudenschilt Family Connections 0.1.1
Ryan Haudenschilt Family Connections 0.9.8
Ryan Haudenschilt Family Connections 0.5
Ryan Haudenschilt Family Connections 1.6.1
Ryan Haudenschilt Family Connections 1.8
Ryan Haudenschilt Family Connections
Ryan Haudenschilt Family Connections 0.9.2
Ryan Haudenschilt Family Connections 1.1.1
Ryan Haudenschilt Family Connections 1.7
Ryan Haudenschilt Family Connections 0.1.2
Ryan Haudenschilt Family Connections 1.7.3
Ryan Haudenschilt Family Connections 1.2
Ryan Haudenschilt Family Connections 1.6
Ryan Haudenschilt Family Connections 0.9.5
Ryan Haudenschilt Family Connections 1.1.2
Ryan Haudenschilt Family Connections 1.1
Ryan Haudenschilt Family Connections 1.4
Ryan Haudenschilt Family Connections 0.8
Ryan Haudenschilt Family Connections 1.6.4
Ryan Haudenschilt Family Connections 1.0
Ryan Haudenschilt Family Connections 1.6.2
Ryan Haudenschilt Family Connections 0.9.1
1 EDB exploit
7.5
CVSSv2
CVE-2009-4801
EZ-Blog Beta 1 does not require authentication, which allows remote malicious users to create or delete arbitrary posts via requests to PHP scripts.
Will Kraft Ez-blog -
1 EDB exploit
6.8
CVSSv2
CVE-2009-4805
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.
Will Kraft Ez-blog -
1 EDB exploit
5.1
CVSSv2
CVE-2009-1222
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and previous versions, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
Webedition Webedition 6.0.0.4
1 EDB exploit
6.8
CVSSv2
CVE-2009-3494
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, a...
Todor Lazarov T-htb Manager 0.5
1 EDB exploit