k1tk4t vulnerabilities and exploits
605
VMScore
CVE-2007-6552
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to...
Auracms Auracms 2.2
1 EDB exploit
755
VMScore
CVE-2008-3203
js/pages/pages_data.php in AuraCMS 2.2 up to and including 2.2.2 does not perform authentication, which allows remote malicious users to add, edit, and delete web content via a modified id parameter.
Auracms Auracms 2.2.2
Auracms Auracms 2.2
Auracms Auracms 2.2.1
1 EDB exploit
755
VMScore
CVE-2008-0390
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote malicious users to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.
Auracms Auracms 1.62
Auracms Mod Block Statistik
1 EDB exploit
515
VMScore
CVE-2006-5250
PHP remote file inclusion vulnerability in lib/googlesearch/GoogleSearch.php in BlueShoes 4.6_public and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the APP[path][lib] parameter, a different vector than CVE-2006-2864.
Blueshoes Blueshoes Framework
1 EDB exploit
755
VMScore
CVE-2006-5254
PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the mosConfig_ab...
Mamboxchange Extended Registration
1 EDB exploit
685
VMScore
CVE-2006-5310
PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote malicious users to execute arbitrary PHP code via a URL in the...
Phpmyconferences Phpmyconferences
J-pierre Dezelus Les Visiteurs 2.0.1
1 EDB exploit
755
VMScore
CVE-2007-6004
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote malicious users to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
Toko Instan 7.6
1 EDB exploit
755
VMScore
CVE-2006-5249
PHP remote file inclusion vulnerability in tagmin/delTagUser.php in TagIt! Tagboard 2.1.B Build 2 (tagit2b) allows remote malicious users to execute arbitrary PHP code via a URL in the configpath parameter.
Tagit Tagboard 2.1.b Build 2
1 EDB exploit
755
VMScore
CVE-2007-4456
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote malicious users to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in ...
Mambo Mambo
Parkview Consultants Simplefaq 2.11
Parkview Consultants Simplefaq 2.40
1 EDB exploit
755
VMScore
CVE-2007-4597
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote malicious users to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
Turnkey Web Tools Sunshop Shopping Cart 4.0
1 EDB exploit