Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dj7xpl vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1933
Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.
Dreamcodes Pcp-guestbook 3.0
1 EDB exploit
NA
CVE-2007-2184
Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the acc parameter.
Jchit Counter 1.0.0
1 EDB exploit
NA
CVE-2007-2574
Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote malicious users to read arbitrary files via a .. (dot dot) in the index parameter.
Archangelmgt Weblog 0.90.02
1 EDB exploit
NA
CVE-2007-2642
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote malicious users to read arbitrary files via a .. (dot dot) in the lang2 parameter.
R2k R2k Gallery 1.7
1 EDB exploit
NA
CVE-2007-2647
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_...
Monalbum Monalbum 0.8.7
1 EDB exploit
NA
CVE-2007-2665
PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote malicious users to execute arbitrary PHP code via a URL in the Include parameter.
Php Firstpost Php Firstpost 0.1
1 EDB exploit
NA
CVE-2007-2715
Admin/users.php in Snaps! Gallery 1.4.4 allows remote malicious users to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
Snaps Gallery Snaps Gallery 1.4.4
1 EDB exploit
NA
CVE-2007-2899
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote malicious users to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
Navboard Navboard 16
1 EDB exploit
NA
CVE-2008-0245
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote malicious users to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
Uploadscript Uploadimage 1.0
Uploadscript Uploadscript 1.0
1 EDB exploit
NA
CVE-2007-3630
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote malicious users to change passwords for arbitrary users via a modified password parameter.
Av Scripts Av Tutorial Script 1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »