Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
waraxe vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2159
backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote malicious users to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.
Torrenttrader Torrenttrader Classic 1.09
1 EDB exploit
NA
CVE-2009-2160
TorrentTrader Classic 1.09 allows remote malicious users to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote malicious users to (2) obtain other potentially sensitive information via a direct request to ...
Torrenttrader Torrenttrader Classic 1.09
1 EDB exploit
NA
CVE-2009-2161
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a m...
Torrenttrader Torrenttrader Classic 1.09
1 EDB exploit
NA
CVE-2012-1603
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote malicious users to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreet...
Nextbbs Nextbbs 0.6
1 EDB exploit
NA
CVE-2012-1604
Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote malicious users to inject arbitrary web script or HTML via the do parameter to index.php.
Nextbbs Nextbbs 0.6
1 EDB exploit
NA
CVE-2013-1804
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote malicious users to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitra...
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.03
1 EDB exploit
NA
CVE-2013-1807
PHP-Fusion prior to 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote malicious users to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.03
1 EDB exploit
NA
CVE-2012-1613
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery prior to 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
Coppermine-gallery Coppermine Photo Gallery 1.4.17
Coppermine-gallery Coppermine Photo Gallery 1.5.8
Coppermine-gallery Coppermine Photo Gallery 1.4.11
Coppermine-gallery Coppermine Photo Gallery 1.4.19
Coppermine-gallery Coppermine Photo Gallery 1.4.14
Coppermine-gallery Coppermine Photo Gallery 1.2.0
Coppermine-gallery Coppermine Photo Gallery 1.4.8
Coppermine-gallery Coppermine Photo Gallery 1.2.1
Coppermine-gallery Coppermine Photo Gallery 1.4.23
Coppermine-gallery Coppermine Photo Gallery 1.4.22
Coppermine-gallery Coppermine Photo Gallery 1.4.7
Coppermine-gallery Coppermine Photo Gallery 1.4.0
Coppermine-gallery Coppermine Photo Gallery 1.5.4
Coppermine-gallery Coppermine Photo Gallery 1.4.2
Coppermine-gallery Coppermine Photo Gallery 1.4.26
Coppermine-gallery Coppermine Photo Gallery 1.4.16
Coppermine-gallery Coppermine Photo Gallery 1.5.10
Coppermine-gallery Coppermine Photo Gallery 1.4.3
Coppermine-gallery Coppermine Photo Gallery 1.2
Coppermine-gallery Coppermine Photo Gallery 1.5.14
Coppermine-gallery Coppermine Photo Gallery 1.5.6
Coppermine-gallery Coppermine Photo Gallery 1.5.16
1 EDB exploit
NA
CVE-2012-1614
Coppermine Photo Gallery prior to 1.5.20 allows remote malicious users to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an ...
Coppermine-gallery Coppermine Photo Gallery 1.4.17
Coppermine-gallery Coppermine Photo Gallery 1.5.8
Coppermine-gallery Coppermine Photo Gallery 1.4.11
Coppermine-gallery Coppermine Photo Gallery 1.4.19
Coppermine-gallery Coppermine Photo Gallery 1.4.14
Coppermine-gallery Coppermine Photo Gallery 1.2.0
Coppermine-gallery Coppermine Photo Gallery 1.4.8
Coppermine-gallery Coppermine Photo Gallery 1.2.1
Coppermine-gallery Coppermine Photo Gallery 1.4.23
Coppermine-gallery Coppermine Photo Gallery 1.4.22
Coppermine-gallery Coppermine Photo Gallery 1.4.7
Coppermine-gallery Coppermine Photo Gallery 1.4.0
Coppermine-gallery Coppermine Photo Gallery 1.5.4
Coppermine-gallery Coppermine Photo Gallery 1.4.2
Coppermine-gallery Coppermine Photo Gallery 1.4.26
Coppermine-gallery Coppermine Photo Gallery 1.4.16
Coppermine-gallery Coppermine Photo Gallery 1.5.10
Coppermine-gallery Coppermine Photo Gallery 1.4.3
Coppermine-gallery Coppermine Photo Gallery 1.2
Coppermine-gallery Coppermine Photo Gallery 1.5.14
Coppermine-gallery Coppermine Photo Gallery 1.5.6
Coppermine-gallery Coppermine Photo Gallery 1.5.16
1 EDB exploit
NA
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
Ravenphpscripts Ravennuke 2.30
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »