Vulmon
arbitrary vulnerabilities and exploits
VMScore: 1000
CVE-2008-2833
admin/upload.php in le.cms 1.4 and previous versions allows remote malicious users to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload pa...
Worldlevel Le.cms
1 EDB exploit
VMScore: 715
CVE-2008-5677
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and previous versions, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it...
Kwalbum Kwalbum 0.9.3
Kwalbum Kwalbum 0.9.2
Kwalbum Kwalbum 0.6.15
Kwalbum Kwalbum 0.6.14
Kwalbum Kwalbum 0.6.7
Kwalbum Kwalbum 0.6.6
Kwalbum Kwalbum 0.5.9
Kwalbum Kwalbum 0.5.8
Kwalbum Kwalbum 2.0.1
Kwalbum Kwalbum 2.0
Kwalbum Kwalbum 0.8.0
Kwalbum Kwalbum 0.7.1
Kwalbum Kwalbum 0.6.11
Kwalbum Kwalbum 0.6.10
Kwalbum Kwalbum 0.6.0
Kwalbum Kwalbum 0.5.12
Kwalbum Kwalbum 0.5.4
Kwalbum Kwalbum 0.5.3
Kwalbum Kwalbum 2.0.4
Kwalbum Kwalbum
Kwalbum Kwalbum 0.9.1
Kwalbum Kwalbum 0.9.0
1 EDB exploit
VMScore: 655
CVE-2008-2488
admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts.
Beaussier Roomphplanning 1.5
1 EDB exploit
VMScore: 755
CVE-2008-2574
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote malicious users to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
Flashblog Flashblog 0.31
1 EDB exploit
NA
CVE-2023-33291
In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the appl...
Ebankit Ebankit 6
VMScore: 755
CVE-2009-3949
cp/profile.php in VivaPrograms Infinity 2.0.5 and previous versions does not require administrative authentication for the donewauthor action, which allows remote malicious users to create administrative accounts via the name, password, and conf_password parameters.
Vivaprograms Infinity Script
Vivaprograms Infinity Script 2.0.0
1 EDB exploit
VMScore: 685
CVE-2008-6918
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/.
Theportal2.pl Theportal2 2.2
1 EDB exploit
VMScore: 755
CVE-2008-6952
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the c parameter.
Cms.maury91 Maurycms 0.53.2
1 EDB exploit
VMScore: 1000
CVE-1999-1479
The textcounter.pl by Matt Wright allows remote malicious users to execute arbitrary commands via shell metacharacters.
Matt Wright Textcounter 1.2
1 EDB exploit
VMScore: 505
CVE-2000-0853
YaBB Bulletin Board 9.1.2000 allows remote malicious users to read arbitrary files via a .. (dot dot) attack.
Yabb Yabb 2000-09-01
1 EDB exploit