Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
d3v1l vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2009-2172
Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.
Dream Radio And Tv Player Addon For Vbulletin
1 EDB exploit
6.8
CVSSv2
CVE-2008-6271
Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the content parameter.
Tbmnet Tbmnetcms 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2008-4336
Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote malicious users to inject arbitrary web script or HTML via the apa_album_ID parameter.
Constantin Charissis Atomic Photo Album 1.1.0 Pre4
1 EDB exploit
7.5
CVSSv2
CVE-2008-4497
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote malicious users to execute arbitrary SQL commands via the event_id parameter.
Built2go Real Estate Listings 1.5
1 EDB exploit
4.3
CVSSv2
CVE-2009-1623
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote malicious users to inject arbitrary web script or HTML via the PID parameter.
Dew-code Dew-newphplinks 2.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-4880
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote malicious users to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
Maran Php Shop
1 EDB exploit
7.5
CVSSv2
CVE-2008-6401
SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote malicious users to execute arbitrary SQL commands via the kat parameter.
Jetik Jetik-web -
1 EDB exploit
4.3
CVSSv2
CVE-2011-5177
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote malicious users to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter ...
Esyndicat Esyndicat Pro 2.3.05
1 EDB exploit
5
CVSSv2
CVE-2009-1624
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the show parameter.
Dew-code Dew-newphplinks 2.0
1 EDB exploit
4.3
CVSSv2
CVE-2012-2371
Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.
Mnt-tech Wp-facethumb 0.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »