Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
egix vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5318
Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin 1.2 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in ...
Kishore Asokan Kish Guest Posting Plugin 1.2
1 EDB exploit
NA
CVE-2014-8790
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 up to and including 3.3.x prior to 3.3.5 Beta 1, when in certain configurations, allows remote malicious users to read arbitrary files via the data parameter.
Get-simple Getsimple Cms 3.3.2
Get-simple Getsimple Cms 3.2
Cagintranetworks Getsimple Cms 3.3.3
Cagintranetworks Getsimple Cms 3.3.4
Get-simple Getsimple Cms 3.1.1
Get-simple Getsimple Cms 3.1.2
Get-simple Getsimple Cms 3.2.1
Get-simple Getsimple Cms 3.2.2
Get-simple Getsimple Cms 3.3.0
Get-simple Getsimple Cms 3.2.3
Get-simple Getsimple Cms 3.3.1
NA
CVE-2008-6632
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
Mercuryboard Mercuryboard 1.1.2
Mercuryboard Mercuryboard 1.1.1
Mercuryboard Mercuryboard 1.1
Mercuryboard Mercuryboard 1.0
Mercuryboard Mercuryboard
1 EDB exploit
NA
CVE-2008-7154
Docebo 3.5.0.3 and previous versions allows remote malicious users to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class....
Docebo Docebo 3.5 Beta
Docebo Docebo
Docebo Docebo 3.0.3
Docebo Docebo 3.0.5
Docebo Docebo 3.0.4
1 EDB exploit
NA
CVE-2009-1911
Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and previous versions, as used in TinyWebGallery (TWG) 1.7.6 and previous versions, allows remote malicious users to include and execute arbitrary local files via a .. (dot do...
Tinywebgallery Tinywebgallery 1.7.5.1
Tinywebgallery Tinywebgallery 1.7.5
Tinywebgallery Tinywebgallery 1.7.3.3
Tinywebgallery Tinywebgallery 1.7.3.2
Tinywebgallery Tinywebgallery 1.6.2
Tinywebgallery Tinywebgallery 1.6.1
Tinywebgallery Tinywebgallery 1.5.2.1 20.09.2006 1000
Tinywebgallery Tinywebgallery 1.5.2 17.09.2006 1000
Tinywebgallery Tinywebgallery 1.7.4.5
Tinywebgallery Tinywebgallery 1.7.4.4
Tinywebgallery Tinywebgallery 1.7.3.1
Tinywebgallery Tinywebgallery 1.7.3-12.05.2008
Tinywebgallery Tinywebgallery 1.6
Tinywebgallery Tinywebgallery 1.5.5 30.10.2006 2200
Tinywebgallery Tinywebgallery 1.5.1 03.09.2006
Tinywebgallery Tinywebgallery 1.5.0.2 17.08.2006
Tinywebgallery Tinywebgallery 1.4.0.4
Tinywebgallery Tinywebgallery 1.4.0.3
Tinywebgallery Tinywebgallery 1.1.2
Tinywebgallery Tinywebgallery 1.1.1
Tinywebgallery Tinywebgallery 1.4.1.1
Tinywebgallery Tinywebgallery 1.4.1
1 EDB exploit
6.1
CVSSv3
CVE-2015-7711
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the h parameter.
Atutor Atutor
NA
CVE-2015-7712
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and previous versions allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter.
Atutor Atutor
NA
CVE-2007-4053
SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the order parameter to new_images.php.
Linpha Linpha
1 EDB exploit
NA
CVE-2008-5967
admin/index.php in PHP iCalendar 2.3.4, 2.24, and previous versions does not require administrative authentication for an addupdate action, which allows remote malicious users to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web ...
Phpicalendar Phpicalendar 0.9
Phpicalendar Phpicalendar 0.8
Phpicalendar Phpicalendar 0.9.5
Phpicalendar Phpicalendar 2.0
Phpicalendar Phpicalendar 2.23
Phpicalendar Phpicalendar 1.1
Phpicalendar Phpicalendar 1.0
Phpicalendar Phpicalendar 2.21
Phpicalendar Phpicalendar 2.22
Phpicalendar Phpicalendar 0.7
Phpicalendar Phpicalendar 2.1
Phpicalendar Phpicalendar 2.2
Phpicalendar Phpicalendar 2.0c
Phpicalendar Phpicalendar 2.0.1
Phpicalendar Phpicalendar 2.24
Phpicalendar Phpicalendar
1 EDB exploit
NA
CVE-2007-6543
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Esyndicat Esyndicat Link Exchange
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »