Vulmon
k1tk4t vulnerabilities and exploits
7.5
CVSSv2
CVE-2007-4908
Directory traversal vulnerability in index.php in AuraCMS 2.1 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the pilih parameter.
Auracms Auracms 1.5 Rc
Auracms Auracms 1.62
Auracms Auracms 1.0
Auracms Auracms 1.5
Auracms Auracms 2.0
Auracms Auracms 2.1
1 EDB exploit
6.4
CVSSv2
CVE-2007-5261
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
Iscripts Multicart 1.0
1 EDB exploit
5.1
CVSSv2
CVE-2006-5250
PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.
Blueshoes Blueshoes Framework
1 EDB exploit
7.5
CVSSv2
CVE-2006-5256
PHP remote file inclusion vulnerability in claroline/inc/lib/import.lib.php in Claroline 1.8.0 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the includePath parameter.
Claroline Claroline 1.6
Claroline Claroline 1.6 Beta
Claroline Claroline 1.7.5
Claroline Claroline 1.7.6
Claroline Claroline 1.2
Claroline Claroline 1.3
Claroline Claroline 1.6 Rc1
Claroline Claroline 1.7
Claroline Claroline 1.7.7
Claroline Claroline
Claroline Claroline 1.4
Claroline Claroline 1.5
Claroline Claroline 1.7.1
Claroline Claroline 1.7.2
Claroline Claroline 1.5.3
Claroline Claroline 1.5.4
Claroline Claroline 1.7.3
Claroline Claroline 1.7.4
1 EDB exploit
7.5
CVSSv2
CVE-2008-3203
js/pages/pages_data.php in AuraCMS 2.2 up to and including 2.2.2 does not perform authentication, which allows remote malicious users to add, edit, and delete web content via a modified id parameter.
Auracms Auracms 2.2.2
Auracms Auracms 2.2
Auracms Auracms 2.2.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-6004
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
Toko Instan 7.6
1 EDB exploit
7.5
CVSSv2
CVE-2007-4456
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote malicious users to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in ...
Mambo Mambo
Parkview Consultants Simplefaq 2.11
Parkview Consultants Simplefaq 2.40
1 EDB exploit
7.5
CVSSv2
CVE-2007-4736
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote malicious users to execute arbitrary SQL commands via the category_id parameter.
Cartkeeper Ckgold Shopping Cart 2.0
1 EDB exploit
7.5
CVSSv2
CVE-2006-7130
PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
Jinzora Jinzora 0.3
Jinzora Jinzora 0.5
Jinzora Jinzora 0.1.1
Jinzora Jinzora 0.9.2
Jinzora Jinzora 0.9.1
Jinzora Jinzora 0.2
Jinzora Jinzora 0.9.5
Jinzora Jinzora 1.0.1
Jinzora Jinzora 0.9.4
Jinzora Jinzora 0.9.3
Jinzora Jinzora
Jinzora Jinzora 1.1
Jinzora Jinzora 0.4
Jinzora Jinzora 0.8.1
Jinzora Jinzora 0.7
Jinzora Jinzora 2.0
Jinzora Jinzora 2.0.1
Jinzora Jinzora 0.3.1
Jinzora Jinzora 0.6.2
Jinzora Jinzora 0.9
Jinzora Jinzora 0.8.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-4156
Multiple SQL injection vulnerabilities in wolioCMS allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (...
Woliocms Woliocms
1 EDB exploit