Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qabandi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2132
Directory traversal vulnerability in global.php in 4images prior to 1.7.7, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the l parameter.
4homepages 4images 1.6
4homepages 4images 1.5
4homepages 4images 1.7
4homepages 4images 1.7.3
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images 1.0
4homepages 4images
4homepages 4images 1.7.1
4homepages 4images 1.7.2
4homepages 4images 1.6.1
1 EDB exploit
NA
CVE-2009-2167
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Egyplus 7ammel
1 EDB exploit
9.8
CVSSv3
CVE-2009-2168
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and previous versions sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote malicious users to bypass authentication by providing arbitrary username and password pa...
Egyplus 7ammel
1 EDB exploit
NA
CVE-2009-2180
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and previous versions allow remote malicious users to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
Pc4arb Pc4 Uploader 10.0
1 EDB exploit
NA
CVE-2009-4206
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Cmsnx Million Dollar Text Links
1 EDB exploit
NA
CVE-2009-4987
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote malicious users to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
Scripteen Free Image Hosting Script 2.3
1 EDB exploit
NA
CVE-2009-4673
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Mole-group Adult Portal Script -
1 EDB exploit
NA
CVE-2009-4735
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Audio \\& Video Library 2.7.0
1 EDB exploit
NA
CVE-2009-2131
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and previous versions allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
4homepages 4images 1.7.1
4homepages 4images 1.7
4homepages 4images 1.6.1
4homepages 4images 1.5
4homepages 4images 1.7.3
4homepages 4images 1.7.6
4homepages 4images 1.0
4homepages 4images 1.7.2
4homepages 4images 1.6
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images
1 EDB exploit
NA
CVE-2009-3358
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Tourismscripts Adult Portal Escort Listing
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2