Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sirgod vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2008-4522
Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.
Jesse-web Jmweb Mp3 Music Audio Search And Download Script
1 EDB exploit
435
VMScore
CVE-2009-4209
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367.
Mozilo Mozilocms 1.11.1
1 EDB exploit
1000
VMScore
CVE-2009-1916
dig.php in GScripts.net DNS Tools allows remote malicious users to execute arbitrary commands via shell metacharacters in the ns parameter.
Gscripts Dns Tools
1 EDB exploit
435
VMScore
CVE-2009-1951
Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote malicious users to inject arbitrary web script or HTML via the pl parameter in a mi action.
Propertymaxpro Propertymax Pro Free 0.3
1 EDB exploit
685
VMScore
CVE-2009-1952
Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Propertymaxpro Propertymax Pro Free 0.3
1 EDB exploit
755
VMScore
CVE-2009-2096
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote malicious users to execute arbitrary SQL commands via the itemnr parameter.
David Degner Phpcollegeexchange 0.1.5c
1 EDB exploit
765
VMScore
CVE-2009-2110
Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when magic_quotes_gpc is disabled, allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the u parameter to (1) full.php, (2) index.php, and (3) contact.php.
Jnmsolutions Db Top Sites 1.0
1 EDB exploit
755
VMScore
CVE-2009-2123
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote malicious users to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_b...
Elvinbts Elvinbts 1.2.0
1 EDB exploit
755
VMScore
CVE-2009-2124
Directory traversal vulnerability in page.php in Elvin 1.2.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the id parameter.
Elvinbts Elvinbts 1.2.0
1 EDB exploit
435
VMScore
CVE-2009-2127
Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote malicious users to inject arbitrary web script or HTML via the id parameter.
Elvinbts Elvinbts 1.2.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »