Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
injector5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-1664
myaccount.php in Easy Scripts Answer and Question Script does not verify the original password before changing passwords, which allows remote malicious users to change the password of other users and gain privileges via modified userid, txtpassword, and txtRpassword parameters.
Easy-scripts Answer And Question Script
1 EDB exploit
NA
CVE-2009-1665
myaccount.php in Easy Scripts Answer and Question Script allows remote malicious users to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
Easy-scripts Answer And Question Script
1 EDB exploit
NA
CVE-2008-7080
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain database credentials via a direct request for admin/backup/datadump.sql.
Phpclassifiedsscript Php Classifieds Script
1 EDB exploit
NA
CVE-2008-7117
eledicss.php in WeBid auction script 0.5.4 allows remote malicious users to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
Webidsupport Webid 0.5.4
1 EDB exploit
NA
CVE-2008-7118
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain SQL query logs via a direct request for logs/cron.log.
Webidsupport Webid 0.5.4
1 EDB exploit
NA
CVE-2008-6155
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote malicious users to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party info...
Hispah Text Links Ads 1.1
1 EDB exploit
NA
CVE-2008-2132
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote malicious users to execute arbitrary SQL commands via the cat_fldAuto parameter.
Systementor Postcardmentor
1 EDB exploit
NA
CVE-2008-2225
SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote malicious users to execute arbitrary SQL commands via the systemId parameter.
Gamecms Gamecms Lite 1.0
1 EDB exploit
NA
CVE-2008-4083
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party informatio...
Brim-project Brim 2.0.0
1 EDB exploit
NA
CVE-2008-6225
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote malicious users to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread...
Mole-group Airline Ticket Sale Script -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »