Vulmon
undefined1_ vulnerabilities and exploits
CVE-2007-5222
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote malicious users to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
Maxdev Mdpro 1.0.76
2 EDB exploits
CVE-2007-5062
account.php in Adam Scheinberg Flip 3.0 and previous versions allows remote malicious users to create administrative accounts via the un parameter in a register action.
Adam Scheinberg Flip
1 EDB exploit
CVE-2007-5063
Adam Scheinberg Flip 3.0 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a file containing login credentials via a direct request for var/users.txt.
Adam Scheinberg Flip
1 EDB exploit
CVE-2006-6879
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and previous versions allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
Php-update Php-update
2 EDB exploits
CVE-2006-6878
admin/uploads.php in PHP-Update 2.7 and previous versions allows remote malicious users to gain privileges by setting the rights[7] parameter to 1 during a login action.
Php-update Php-update
1 EDB exploit
CVE-2006-1668
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and previous versions allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter an...
Crafty Syntax Image Gallery Crafty Syntax Image Gallery
1 EDB exploit
CVE-2006-1667
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and previous versions allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable...
Crafty Syntax Image Gallery Crafty Syntax Image Gallery 3.1g
1 EDB exploit
CVE-2006-1481
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
Php Ticket Php Ticket 0.6
Php Ticket Php Ticket
Php Ticket Php Ticket 0.5
1 EDB exploit
CVE-2006-1422
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and previous versions allows remote malicious users to execute arbitrary SQL commands via the event_id parameter.
Jjwwebdesign Phpbookingcalendar
2 EDB exploits
CVE-2006-1412
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the admin password file and obtain password hashes via a direct request to admin/passwd.
Tft Gallery Tft Gallery 0.10
1 EDB exploit