evuln.com vulnerabilities and exploits
NA
CVE-2006-0829
Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote malicious users to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log".
E-blah Platinum 9.7
NA
CVE-2006-0843
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote malicious users to read the administrator's password.
Leif M. Wright Web Blog 3.5
NA
CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote malicious users to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.
Simple Machines Simple Machines Forum 1.0.6
NA
CVE-2006-0957
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum prior to 1.2.1 allows remote malicious users to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php.
Zoneo-soft Freeforum 1.1
Zoneo-soft Freeforum 1.1.1
Zoneo-soft Freeforum 1.0
Zoneo-soft Freeforum 1.0.1
Zoneo-soft Freeforum 1.1.2
Zoneo-soft Freeforum 1.2
NA
CVE-2006-4325
Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Doika Doika Guestbook
NA
CVE-2006-0782
Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and previous versions allows remote malicious users to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving in...
Perlblog Perlblog 1.08
Perlblog Perlblog 1.09
Perlblog Perlblog 1.09b
NA
CVE-2006-0795
Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and previous versions allows remote malicious users to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.
Thomastsoi Quirex 2.0
Thomastsoi Quirex
NA
CVE-2006-4323
SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the cate_id parameter.
Cityforfree Indexcity 1.0
NA
CVE-2006-4324
Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote malicious users to inject arbitrary web script or HTML via the url parameter.
Cityforfree Indexcity 1.0
NA
CVE-2006-4328
SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the nick parameter.
Cloudnine Interactive Links Manager 2006-06-12