Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rgod vulnerabilities and exploits
(subscribe to this query)
265
VMScore
CVE-2006-3571
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.
Papoo Papoo 2.1.2
Papoo Papoo 2.1.5
Papoo Papoo 3.0.0 Rc3
1 EDB exploit
755
VMScore
CVE-2005-3324
SQL injection vulnerability in chat.php in MWChat 6.8 allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Appindex Mwchat 6.8
1 EDB exploit
755
VMScore
CVE-2005-3681
SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote malicious users to execute arbitrary SQL commands via the list parameter.
Xoops Wf-downloads 2.05
1 EDB exploit
515
VMScore
CVE-2006-1480
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote malicious users to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (...
Duda Webalbum
1 EDB exploit
755
VMScore
CVE-2006-1495
SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote malicious users to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option.
Phpcollab Phpcollab 2.5.rc3
Netoffice Netoffice 2.5.3 Pl1
Phpcollab Phpcollab 2.4
1 EDB exploit
755
VMScore
CVE-2005-2885
The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote malicious users to bypass file extension checks and execute arbitrary commands by uploading a file with a diffe...
Maxdev Md-pro 1.0.73
1 EDB exploit
755
VMScore
CVE-2005-3130
SQL injection vulnerability in lucidCMS 1.0.11 allows remote malicious users to execute arbitrary SQL commands via the login field.
Lucidcms Lucidcms 1.0.11
1 EDB exploit
755
VMScore
CVE-2006-4859
Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and previous versions allows remote malicious users to upload PHP code to the images/contact folder via a filename with a double extension in t...
Limbo Cms Limbo Cms 1.0.4.1
Limbo Cms Limbo Cms 1.0.4.2
Limbo Cms Limbo Cms 1.0.4.2l
1 EDB exploit
505
VMScore
CVE-2005-2956
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote malicious users to obtain user chat conversations via direct requests to those files.
Adaptive Technology Resource Centre Atutor 1.5.1
1 EDB exploit
755
VMScore
CVE-2005-3010
Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and previous versions allows remote malicious users to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
Cutephp Cutenews
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »