Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

undefined1_ vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2007-5222
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote malicious users to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
Maxdev Mdpro 1.0.76
NA
CVE-2007-5062
account.php in Adam Scheinberg Flip 3.0 and previous versions allows remote malicious users to create administrative accounts via the un parameter in a register action.
Adam Scheinberg Flip
NA
CVE-2007-5063
Adam Scheinberg Flip 3.0 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a file containing login credentials via a direct request for var/users.txt.
Adam Scheinberg Flip
NA
CVE-2006-6879
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and previous versions allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
Php-update Php-update
NA
CVE-2006-6878
admin/uploads.php in PHP-Update 2.7 and previous versions allows remote malicious users to gain privileges by setting the rights[7] parameter to 1 during a login action.
Php-update Php-update
NA
CVE-2006-1668
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and previous versions allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter an...
Crafty Syntax Image Gallery Crafty Syntax Image Gallery
NA
CVE-2006-1667
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and previous versions allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable...
Crafty Syntax Image Gallery Crafty Syntax Image Gallery 3.1g
NA
CVE-2006-1481
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
Php Ticket Php Ticket 0.6Php Ticket Php TicketPhp Ticket Php Ticket 0.5
NA
CVE-2006-1422
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and previous versions allows remote malicious users to execute arbitrary SQL commands via the event_id parameter.
Jjwwebdesign Phpbookingcalendar
NA
CVE-2006-1412
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the admin password file and obtain password hashes via a direct request to admin/passwd.
Tft Gallery Tft Gallery 0.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook