Vulmon
sirgod vulnerabilities and exploits
505
VMScore
CVE-2009-1369
moziloCMS 1.11 allows remote malicious users to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.
Mozilo Mozilocms 1.11
1 EDB exploit
685
VMScore
CVE-2009-1404
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the user (Username) parameter.
Pastel Pastelcms 0.8.0
1 EDB exploit
685
VMScore
CVE-2009-1405
Directory traversal vulnerability in index.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the set_lng parameter.
Pastel Pastelcms 0.8.0
1 EDB exploit
685
VMScore
CVE-2009-1406
Directory traversal vulnerability in cms_detect.php in TotalCalendar 2.4 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the include parameter.
Sweetphp Totalcalendar 2.4
1 EDB exploit
755
VMScore
CVE-2009-1486
Directory traversal vulnerability in pmscript.php in Flatchat 3.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the with parameter.
Ninjadesigns Flatchat 3.0
1 EDB exploit
685
VMScore
CVE-2009-1625
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the ln parameter.
Davlin Thickbox Gallery 2
1 EDB exploit
645
VMScore
CVE-2009-0383
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote malicious users to delete arbitrary blog posts via a direct request.
Mzbservices Max.blog 1.0.6
1 EDB exploit
505
VMScore
CVE-2009-0571
admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to the backup directory.
Ninjadesigns Mailist 3.0
1 EDB exploit
755
VMScore
CVE-2009-1319
Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote malicious users to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.
Guestcal Guest Cal 2.1
1 EDB exploit
435
VMScore
CVE-2009-1367
Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote malicious users to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.
Mozilo Mozilocms 1.11
1 EDB exploit