Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
girex vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2008-1554
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism.
Topper Toppermod 2.0
1 EDB exploit
505
VMScore
CVE-2008-6537
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote malicious users to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
Lightneasy Lightneasy 1.2
1 EDB exploit
505
VMScore
CVE-2008-6590
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote malicious users to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.
Lightneasy Lightneasy 1.2.2
Sqlite Sqlite 1.2.2
1 EDB exploit
755
VMScore
CVE-2008-6592
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and previous versions, allows remote malicious users to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_...
Sqlite Sqlite 1.2.2
Lightneasy Lightneasy 1.2.2
1 EDB exploit
505
VMScore
CVE-2008-6643
LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote malicious users to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php.
Lokicms Lokicms 0.3.4
1 EDB exploit
685
VMScore
CVE-2010-4151
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006...
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.08
Deluxebb Deluxebb 1.2
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.1
1 EDB exploit
755
VMScore
CVE-2008-3416
SQL injection vulnerability in modules/members.php in IceBB prior to 1.0-rc9.3 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in...
Icebb Icebb 1.0
1 EDB exploit
755
VMScore
CVE-2009-1033
SQL injection vulnerability in misc.php in DeluxeBB 1.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the qorder parameter, a different vector than CVE-2005-2989 and CVE-2006-2503.
Deluxebb Deluxebb 1.07
Deluxebb Deluxebb 1.1
Deluxebb Deluxebb 1.09
Deluxebb Deluxebb 1.2
Deluxebb Deluxebb 1.0
Deluxebb Deluxebb
Deluxebb Deluxebb 1.05
Deluxebb Deluxebb 1.06
Deluxebb Deluxebb 1.08
1 EDB exploit
655
VMScore
CVE-2008-5320
SQL injection vulnerability in usersettings.php in e107 0.7.13 and previous versions allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
E107 E107
E107 E107 0.7.11
E107 E107 0.7.4
E107 E107 0.7.3
E107 E107 0.6171
E107 E107 0.617
E107 E107 0.611
E107 E107 0.610
E107 E107 0.603
E107 E107 0.602
E107 E107 0.549 Beta
E107 E107 0.548 Beta
E107 E107 5.3 Beta2
E107 E107 5.3 Beta
E107 E107 0.7.8
E107 E107 0.7.7
E107 E107 0.7
E107 E107 0.6175
E107 E107 0.6174
E107 E107 0.615
E107 E107 0.614
E107 E107 0.607
1 EDB exploit
435
VMScore
CVE-2008-2024
Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote malicious users to inject arbitrary web script or HTML via the glang[] parameter in a registernew action.
Minibb Minibb
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »