Vulmon
t0pp8uzz vulnerabilities and exploits
755
VMScore
CVE-2008-1872
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote malicious users to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.
Comdev Comdev News Publisher 4.1.2
1 EDB exploit
755
VMScore
CVE-2008-1904
Cicoandcico CcMail 1.0.1 and previous versions does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote malicious users to obtain access to the "admin area" via a modified this_cookie cookie.
Cicoandcico Ccmail 1.0
Cicoandcico Ccmail
1 EDB exploit
755
VMScore
CVE-2008-2338
Interspire ActiveKB 1.5 and previous versions allows remote malicious users to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin.
Interspire Activekb
1 EDB exploit
755
VMScore
CVE-2008-2347
MyPicGallery 1.0 allows remote malicious users to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
Mypicgallery Mypicgallery 1.0
1 EDB exploit
755
VMScore
CVE-2008-2353
Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and previous versions allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the show parameter.
Gnugallery Gnugallery
1 EDB exploit
755
VMScore
CVE-2008-6523
auth.php in openInvoice 0.90 beta and previous versions allows remote malicious users to bypass authentication and gain privileges by setting the oiauth cookie. NOTE: this can be leveraged with a separate vulnerability in resetpass.php to modify passwords for arbitrary users.
Cale Dunlap Openinvoice 0.90
1 EDB exploit
755
VMScore
CVE-2007-5992
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote malicious users to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
Datecomm Social Networking Script -
1 EDB exploit
755
VMScore
CVE-2008-6209
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote malicious users to execute arbitrary SQL commands via the cat_id parameter.
Vastal Software Zone -
1 EDB exploit
655
VMScore
CVE-2008-6524
resetpass.php in openInvoice 0.90 beta and previous versions allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication...
Cale Dunlap Openinvoice
1 EDB exploit
755
VMScore
CVE-2008-6714
admin.php in xeCMS 1.0.0 RC2 and previous versions allows remote malicious users to bypass authentication and access the admin panel by setting the xecms_username cookie.
Xecms Project Xecms 1.0.0
1 EDB exploit