Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dj7xpl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1908
PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote malicious users to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
Php121 Php121 Instant Messenger 2.2
1 EDB exploit
NA
CVE-2007-1937
PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the config parameter.
Dreamcodes Scorp Book 1.0
1 EDB exploit
NA
CVE-2007-1998
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote malicious users to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
Hiox India Guest Book 4.0
1 EDB exploit
NA
CVE-2007-2050
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.
Ricargbook Ricargbook 1.2.1
1 EDB exploit
NA
CVE-2007-2146
The imagecomments function in classes.php in MiniGal b13 allow remote malicious users to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fr...
Minigal Minigal B13
1 EDB exploit
NA
CVE-2007-2154
PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
Cabron Connector Cabron Connector
1 EDB exploit
NA
CVE-2007-2167
Static code injection vulnerability in process.php in AimStats 3.2 allows remote malicious users to inject PHP code into config.php via the number parameter in an update action.
Aimstats Aimstats 3.2
1 EDB exploit
NA
CVE-2007-3630
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote malicious users to change passwords for arbitrary users via a modified password parameter.
Av Scripts Av Tutorial Script 1.0
1 EDB exploit
NA
CVE-2007-1479
Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote malicious users to inject arbitrary web script or HTML via an unspecified parameter.
Creative Guestbook Creative Guestbook 1.0
1 EDB exploit
NA
CVE-2007-1480
Creative Guestbook 1.0 allows remote malicious users to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.
Creative Guestbook Creative Guestbook 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »