Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
omni vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1432
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote malicious users to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks...
Grayscale Grayscale Blog
1 EDB exploit
NA
CVE-2007-2007
admin.php in pL-PHP beta 0.9 allows remote malicious users to bypass authentication by setting the is_admin parameter to 1.
Pl-php Pl-php 0.9 Beta
1 EDB exploit
NA
CVE-2007-2006
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote malicious users to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
Pl-php Pl-php
1 EDB exploit
NA
CVE-2008-0632
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.
Lightblog Lightblog 9.5
1 EDB exploit
NA
CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC sh...
Ftp Admin Ftp Admin 0.1.0
1 EDB exploit
NA
CVE-2007-6234
index.php in FTP Admin 0.1.0 allows remote malicious users to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
Ftp Admin Ftp Admin 0.1.0
1 EDB exploit
NA
CVE-2007-2008
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Pl-php Pl-php 0.9 Beta
1 EDB exploit
NA
CVE-2007-1433
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
Grayscale Grayscale Blog
1 EDB exploit
NA
CVE-2007-2305
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Qdblog Qdblog
1 EDB exploit
NA
CVE-2006-2242
acFTP 1.4 allows remote malicious users to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
Acftp Acftp 1.4
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »