Vulmon
yenh4cker vulnerabilities and exploits
2.6
CVSSv2
CVE-2009-1614
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form). NOTE: some of th...
Gowondesigns Leap 0.1.4
1 EDB exploit
6.8
CVSSv2
CVE-2009-1615
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.
Gowondesigns Leap 0.1.4
1 EDB exploit
7.5
CVSSv2
CVE-2009-1650
Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.
Tenfourzero Shutter 0.1.1
1 EDB exploit
6.8
CVSSv2
CVE-2009-1661
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the rating parameter to index.php.
Anoldman Utopic 1.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-1799
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parame...
Sebastian-thiele St-gallery 0.1 Alpha
1 EDB exploit
6
CVSSv2
CVE-2009-1810
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote malicious users to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parame...
Collector Mycolex 1.4.2
1 EDB exploit
6
CVSSv2
CVE-2009-1812
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote malicious users to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via t...
Collector Mygesuad 0.9.14
1 EDB exploit
4
CVSSv2
CVE-2009-1825
modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
Collector Mycolex 1.4.2
1 EDB exploit
6.5
CVSSv2
CVE-2009-1826
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
Collector Mygesuad 0.9.14
1 EDB exploit
7.5
CVSSv2
CVE-2009-1910
SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote malicious users to execute arbitrary SQL commands via the AlbumId parameter.
Rafal Kucharski Rtwebalbum 1.0.462
1 EDB exploit