aliaksandr hartsuyeu vulnerabilities and exploits
CVSSv2 score: 5
CVE-2006-0103
TinyPHPForum 3.6 and previous versions stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote malicious users to list all registered users and possibly obtain other sensitive information.
Ralph Capper Tinyphpforum 3.47
Ralph Capper Tinyphpforum 3.48
Ralph Capper Tinyphpforum 3.49
Ralph Capper Tinyphpforum 3.499
Ralph Capper Tinyphpforum 3.46
Ralph Capper Tinyphpforum 3.5
Ralph Capper Tinyphpforum 3.6
1 EDB exploit
CVSSv2 score: 7.5
CVE-2006-0135
SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote malicious users to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).
Thewebforum Thewebforum
1 EDB exploit
CVSSv2 score: 7.5
CVE-2006-0137
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phanatic Softwares Chimera Web Portal 0.2
1 EDB exploit
CVSSv2 score: 7.5
CVE-2006-0234
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote malicious users to execute arbitrary SQL commands via the (1) month and (2) year parameters.
Microblog Microblog 2.0 Rc10
1 EDB exploit
CVSSv2 score: 7.5
CVE-2006-0249
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote malicious users to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).
Bitdamaged Geoblog Mod 1.0
1 EDB exploit
CVSSv2 score: 7.5
CVE-2006-1232
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.
Dsportal Dsdownload 1.0
1 EDB exploit
CVSSv2 score: 7.5
CVE-2006-0673
Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter.
Reamday Enterprises Magic Calendar Lite 1.02
1 EDB exploit
CVSSv2 score: 5
CVE-2006-0691
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote malicious users to overwrite arbitrary data belonging to any account.
Scheduling Management.com Time Tracking Software 3.0
1 EDB exploit
CVSSv2 score: 4.3
CVE-2006-0735
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and previous versions, as used in products such as My Blog prior to 1.65, allows remote malicious users to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
Fuzzymonkey My Blog 1.31
Fuzzymonkey My Blog 1.4
Fuzzymonkey My Blog 1.63
Fuzzymonkey My Blog 1.64
Fuzzymonkey My Blog 1.23
Fuzzymonkey My Blog 1.3
Fuzzymonkey My Blog 1.61
Fuzzymonkey My Blog 1.62
Fuzzymonkey My Blog 1.21
Fuzzymonkey My Blog 1.22
Fuzzymonkey My Blog 1.52
Fuzzymonkey My Blog 1.6
Fuzzymonkey My Blog 1.0
Fuzzymonkey My Blog 1.2
Fuzzymonkey My Blog 1.5
Fuzzymonkey My Blog 1.51
M Blom Html-bbcode 1.03
M Blom Html-bbcode 1.04
1 EDB exploit
CVSSv2 score: 5.1
CVE-2006-1568
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
Redcms Redcms 0.1
1 EDB exploit