Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
omni vulnerabilities and exploits
(subscribe to this query)
495
VMScore
CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC sh...
Ftp Admin Ftp Admin 0.1.0
1 EDB exploit
935
VMScore
CVE-2008-0632
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.
Lightblog Lightblog 9.5
1 EDB exploit
435
VMScore
CVE-2007-1433
Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote malicious users to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
Grayscale Grayscale Blog
1 EDB exploit
755
VMScore
CVE-2007-2305
Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Qdblog Qdblog
1 EDB exploit
1000
VMScore
CVE-2007-2503
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party ...
Php Turbulence Php Turbulence 0.0.1 Alpha
1 EDB exploit
755
VMScore
CVE-2007-1432
Grayscale Blog 0.8.0, and possibly earlier versions, allows remote malicious users to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks...
Grayscale Grayscale Blog
1 EDB exploit
755
VMScore
CVE-2007-1434
SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
Grayscale Grayscale Blog
1 EDB exploit
755
VMScore
CVE-2007-2006
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote malicious users to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
Pl-php Pl-php
1 EDB exploit
755
VMScore
CVE-2007-2008
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Pl-php Pl-php 0.9 Beta
1 EDB exploit
440
VMScore
CVE-2007-6232
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote malicious users to inject arbitrary web script or HTML via the error parameter in an error page action.
Ftp Admin 0.1.0
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »