arbitrary vulnerabilities and exploits
505
VMScore
CVE-2018-12054
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
Schools Alert Management Script Project Schools Alert Management Script -
1 EDB exploit
935
VMScore
CVE-2012-1661
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and previous versions do not properly prompt users before executing embedded VBA macros, which allows user-assisted remote malicious users to execute arbitrary VBA code via a crafted map (.mxd) file.
Esri Arcgis
Esri Arcgis 9.0
Esri Arcmap 9.0
1 EDB exploit
645
VMScore
CVE-2018-12053
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
Schools Alert Management Script Project Schools Alert Management Script -
1 EDB exploit
435
VMScore
CVE-2018-18760
RhinOS 3.0 build 1190 allows CSRF.
Saltos Rhinos 3.0
1 EDB exploit
270
VMScore
CVE-2007-1773
Multiple directory traversal vulnerabilities in aBitWhizzy allow remote malicious users to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.
Unverse.net Abitwhizzy
2 EDB exploits
685
VMScore
CVE-2009-4819
Multiple unrestricted file upload vulnerabilities in upload.php in PHPhotoalbum allow remote malicious users to execute arbitrary code by uploading a file with a (1) .php.pgif or (2) .php.pjpeg double extension, then accessing it via a direct request to the file in albums/userpic...
Stoverud Phphotoalbum 0.5
Stoverud Phphotoalbum 0.4
Stoverud Phphotoalbum 0.3
1 EDB exploit
NA
CVE-2012-2344
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed...
1 EDB exploit
505
VMScore
CVE-2009-4050
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 allows remote malicious users to read arbitrary files via directory traversal sequences in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third p...
Phpmybackuppro Phpmybackuppro 2.1
1 EDB exploit
755
VMScore
CVE-2005-1629
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote malicious users to execute arbitrary SQL commands via the verifykey parameter.
Photopost Photopost Php Pro 3.1
Photopost Photopost Php Pro 3.2
Photopost Photopost Php Pro 5.0 Rc3
Photopost Photopost Php Pro 4.0
Photopost Photopost Php Pro 4.6
Photopost Photopost Php Pro 3.3
Photopost Photopost Php Pro 4.1
Photopost Photopost Php Pro 4.8.1
1 EDB exploit
685
VMScore
CVE-2010-5099
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x prior to 4.2.16, 4.3.x prior to 4.3.9, and 4.4.x prior to 4.4.5 does not properly filter file types, which allows remote malicious users to bypass intended access restrictions and access arb...
Typo3 Typo3 4.2.0
Typo3 Typo3 4.2.7
Typo3 Typo3 4.2.8
Typo3 Typo3 4.2.15
Typo3 Typo3 4.2.3
Typo3 Typo3 4.2.4
Typo3 Typo3 4.2.11
Typo3 Typo3 4.2.12
Typo3 Typo3 4.2.5
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.13
Typo3 Typo3 4.2.14
Typo3 Typo3 4.2.1
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.10
Typo3 Typo3 4.3.7
Typo3 Typo3 4.3.8
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.3
Typo3 Typo3 4.3.4
Typo3 Typo3 4.3.5
1 EDB exploit