Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dsecrg vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-0332
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the page parameter.
Aria Aria 0.99-6
1 EDB exploit
NA
CVE-2008-0359
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.
Blog Cms Blog Cms 4.2.1 C
1 EDB exploit
NA
CVE-2008-0360
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote malicious users to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
Blog Cms Blog Cms 4.2.1 C
1 EDB exploit
NA
CVE-2008-0513
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector th...
Phpcms Phpcms 1.2.2
1 EDB exploit
NA
CVE-2008-0612
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Xoops Xoops 2.0.18
1 EDB exploit
NA
CVE-2009-0465
The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote malicious users to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the intended .box ...
Synactis All In The Box.ocx 3
1 EDB exploit
NA
CVE-2009-1315
Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) gid parameter to groups_profile.php, (2) cat_id and (3) razd_id parameters to adv_cat.php, and the (4) URL to blogs_full.php.
Abk-soft Ablespace 1.0
1 EDB exploit
NA
CVE-2009-1316
Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php.
Abk-soft Ablespace 1.0
1 EDB exploit
NA
CVE-2009-1554
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 4...
Sun Woodstock 4.2
1 EDB exploit
NA
CVE-2007-6548
Multiple direct static code injection vulnerabilities in RunCMS prior to 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter ...
Runcms Runcms
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »