Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x0r vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2008-6361
Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the lang parameter.
Insun Podcast Feedcms 1.7.3 19beta
1 EDB exploit
755
VMScore
CVE-2008-7003
Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote malicious users to execute arbitrary SQL commands via the (1) user_id and (2) password parameter.
The-rat-cms The-rat-cms Alpha2
1 EDB exploit
755
VMScore
CVE-2009-0399
Chipmunk Blogger Script allows remote malicious users to gain administrator privileges via a direct request to admin/reguser.php. NOTE: this is only a vulnerability when the administrator does not properly follow installation directions.
Chipmunk Scripts Chipmunk Blogger
1 EDB exploit
505
VMScore
CVE-2009-0453
Online Grades 3.2.4 allows remote malicious users to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Onlinegrades Online Grades 3.2.4
1 EDB exploit
685
VMScore
CVE-2008-6084
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directo...
.matteoiammarrone Iamma Simple Gallery 2.0
.matteoiammarrone Iamma Simple Gallery 1.0
1 EDB exploit
755
VMScore
CVE-2008-6237
SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Scripts-for-sites Hotscripts-like Site -
1 EDB exploit
685
VMScore
CVE-2008-6241
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (ak...
China-on-site Flexphpsite 0.0.1
China-on-site Flexphpsite 0.0.7
1 EDB exploit
755
VMScore
CVE-2009-0738
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Frankmancuso Auth Php 1.0
1 EDB exploit
755
VMScore
CVE-2009-0750
SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Tombstone Smnews -
1 EDB exploit
435
VMScore
CVE-2009-0107
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote malicious users to inject arbitrary web script or HTML via the user_id parameter.
Phpauctions Phpauctions Nil
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »