Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
g4n0k vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-5219
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and previous versions does not check for administrative authentication and does not require knowledge of the original password, which allows remote malicious users to change the admin account password via modified...
Videoscript Videoscript
1 EDB exploit
7.5
CVSSv2
CVE-2008-5221
The account_save action in admin/userinfo.php in wPortfolio 0.3 and previous versions does not require authentication and does not require knowledge of the original password, which allows remote malicious users to change the admin account password via modified password and passwo...
Wportfolio Wportfolio
Wportfolio Wportfolio 0.2
1 EDB exploit
4.3
CVSSv2
CVE-2008-6267
Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote malicious users to inject arbitrary web script or HTML via the name parameter.
Sadi Samami Multi Languages Webshop Online 1.02
1 EDB exploit
7.5
CVSSv2
CVE-2009-4674
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote malicious users to change an arbitrary password via a modified user_id field.
Mole-group Sky Hunter Airline Ticket Sale Script -
Mole-group Bus Ticket Script -
1 EDB exploit
7.5
CVSSv2
CVE-2008-6963
admin.php in TurnkeyForms Text Link Sales allows remote malicious users to bypass authentication and gain administrative privileges via a direct request.
Turnkeyforms Text Link Sales
1 EDB exploit
6.8
CVSSv2
CVE-2008-5568
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and previous versions allows remote malicious users to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.
Ipn-mate Ipn Pro 3
1 EDB exploit
7.5
CVSSv2
CVE-2009-2003
Ascad Networks Password Protector SD 1.3.1 allows remote malicious users to bypass authentication and gain administrative access by setting the (1) c7portal and (2) cookname cookies to "admin."
Ascadnetworks Password Protector Sd 1.3.1
2 EDB exploits
7.5
CVSSv2
CVE-2008-5650
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote malicious users to execute arbitrary SQL commands via the pwd parameter.
Alstrasoft Webhost Directory Nil
2 EDB exploits
7.5
CVSSv2
CVE-2008-5655
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote malicious users to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) a...
Myiosoft Easybookmarker 4.0
2 EDB exploits
9.3
CVSSv2
CVE-2009-1642
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote malicious users to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also s...
Mini-stream Mini-stream To Mp3 Converter 3.0.0.7
6 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »