Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cyber-zone vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-6796
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote malicious users to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
Preprojects Pre Real Estate Listings
1 EDB exploit
5
CVSSv2
CVE-2008-6356
evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb.
Donnafontenot Evcal Events Calendar -
1 EDB exploit
7.5
CVSSv2
CVE-2008-6371
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote malicious users to execute arbitrary SQL commands via the username (Username parameter).
Ocean12tech Membership Manager Pro -
1 EDB exploit
7.5
CVSSv2
CVE-2008-6380
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote malicious users to execute arbitrary SQL commands via the CategoryID parameter.
Activewebsoftwares Active Web Helpdesk 2.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-5047
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Mole Group Rental Script
1 EDB exploit
7.5
CVSSv2
CVE-2008-6285
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the mid parameter.
Businessvein Php Tv Portal
1 EDB exploit
9.3
CVSSv2
CVE-2009-3717
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote malicious users to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
Lucvil Patplayer 3.9
1 EDB exploit
6.8
CVSSv2
CVE-2009-1609
Unrestricted file upload vulnerability in admin/uploadform.asp in Battle Blog 1.25 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Battleblog Battle Blog 1.25
1 EDB exploit
9.3
CVSSv2
CVE-2009-1351
Heap-based buffer overflow in Apollo 37zz allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
Heikki Ylinen Apollo 37zz
1 EDB exploit
7.5
CVSSv2
CVE-2009-1746
SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote malicious users to execute arbitrary SQL commands via the id parameter in a detail action.
Diangemilang Dgnews 3.0 Beta
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »