Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cwh vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6381
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
Bcoos Bcoos 1.0.11
Bcoos Bcoos 1.0.10
Bcoos Bcoos 1.0.9
Bcoos Bcoos
Bcoos Bcoos 1.0.12
1 EDB exploit
NA
CVE-2008-6665
change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote malicious users to gain administrator privileges via a crafted email parameter, possibly related to code injection.
Anantasoft Ananta Cms 1.0b5
1 EDB exploit
NA
CVE-2008-6513
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.
Aphpkb Aphpkb 0.92.9
1 EDB exploit
NA
CVE-2008-6620
Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET...
Grafxsoftware Minicwb
1 EDB exploit
NA
CVE-2008-6790
The admin module in MindDezign Photo Gallery 2.2 allows remote malicious users to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php.
Minddezign Photo Gallery 2.2
1 EDB exploit
NA
CVE-2008-6872
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for database/aspthaiForum.mdb.
Aspthai.net Aspthai Forums 8.5
1 EDB exploit
NA
CVE-2008-5952
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
Ktp Computer Customer Database Ktp Computer Customer Database Nil
1 EDB exploit
NA
CVE-2008-5953
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
Ktp Computer Customer Database Ktp Computer Customer Database Nil
1 EDB exploit
NA
CVE-2008-3497
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote malicious users to execute arbitrary SQL commands via the pid parameter.
Myphp Cms Myphp Cms 0.3.1
1 EDB exploit
NA
CVE-2008-6382
ASP Portal 3.2.5 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database file via a direct request to ASPPortal.mdb.
Aspportal Aspportal 3.2.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »