Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aria-security team vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-6091
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote malicious users to execute arbitrary SQL commands via the (1) Username (aka Login or Emai...
Jiro Banner System 2.0
1 EDB exploit
NA
CVE-2007-6138
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote malicious users to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.
Vu Mass Mailer
1 EDB exploit
NA
CVE-2006-6936
Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote malicious users to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. NOTE: vector 1 likely overlaps CVE-2006-3032.
Pensacola Web Designs Xtremeasp Photogallery 2.0
1 EDB exploit
NA
CVE-2007-6163
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote malicious users to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
Gouae Dwd Realty 0
1 EDB exploit
NA
CVE-2007-0399
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
Simple Machines Simple Machines Forum 1.1 Rc3
1 EDB exploit
NA
CVE-2007-6217
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote malicious users to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party informat...
Irola My-time 3.5
1 EDB exploit
NA
CVE-2007-4208
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote malicious users to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
Morgan Ids Next Gen Portfolio Manager
1 EDB exploit
NA
CVE-2006-6367
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote malicious users to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
Duware Dunews 1.0
Duware Dunews 1.1
Duware Dudownload 1.0
Duware Dudownload 1.1
Duware Dupaypal 3.0
Duware Dupaypal 3.1
Duware Dupaypal Pro 3.0
Duware Dupaypal Pro 3.1
1 EDB exploit
NA
CVE-2008-5766
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Fascript Faupload Nil
1 EDB exploit
NA
CVE-2007-3987
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote malicious users to execute arbitrary SQL commands via the SearchWord parameter.
Junction Quest Image Racer 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »