Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cwh vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2008-2966
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and previous versions allows remote malicious users to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
Jaxultrabb Jaxultrabb
1 EDB exploit
755
VMScore
CVE-2008-3178
Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote malicious users to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/.
Webxell Webxell Editor 0.1.3
1 EDB exploit
655
VMScore
CVE-2008-3181
Unrestricted file upload vulnerability in upload.php in ContentNow CMS 1.4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
Content Now Content Now 1.4.1
1 EDB exploit
685
VMScore
CVE-2008-3191
Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile acti...
Marcioforum Mforum 0.1a
1 EDB exploit
755
VMScore
CVE-2008-6446
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote malicious users to inject arbitrary PHP code into the guestbook via the message parameter.
Geniuscyber Maxsite -
1 EDB exploit
685
VMScore
CVE-2008-6513
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.
Aphpkb Aphpkb 0.92.9
1 EDB exploit
435
VMScore
CVE-2008-6700
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, an...
Butterflymedia Butterfly Organizer 2.0.0
1 EDB exploit
505
VMScore
CVE-2008-6872
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for database/aspthaiForum.mdb.
Aspthai.net Aspthai Forums 8.5
1 EDB exploit
685
VMScore
CVE-2008-6911
SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.i...
Brewblogger Brewblogger 2.1.0.1
1 EDB exploit
435
VMScore
CVE-2008-2644
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote malicious users to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s ...
Smeweb Smeweb 1.4b
Smeweb Smeweb 1.4f
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »