Vulmon
code injection vulnerabilities and exploits
7.5
CVSSv2
CVE-2007-2141
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote malicious users to inject arbitrary PHP code into shouts.php via the shout parameter.
Shoutpro Shoutpro
1 EDB exploit
9.3
CVSSv2
CVE-2007-6082
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote malicious users to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
Sciurus Sciurus Hosting Panel 2.0.3
1 EDB exploit
5
CVSSv2
CVE-2006-4977
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and previous versions allow remote malicious users to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_upda...
Walter Beschmout Phpquiz
1 EDB exploit
7.5
CVSSv2
CVE-2006-4978
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
Walter Beschmout Phpquiz
1 EDB exploit
5
CVSSv2
CVE-2006-4865
Walter Beschmout PhpQuiz allows remote malicious users to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.
Phpquiz Phpquiz
1 EDB exploit
7.5
CVSSv2
CVE-2011-1412
sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x prior to 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.
Ioquake3 Ioquake3 Engine
Worldofpadman World Of Padman 1.5
Openarena Openarena 0.8.x-15
Openarena Openarena 0.8.x-16
7.5
CVSSv2
CVE-2021-26599
ImpressCMS prior to 1.4.3 allows include/findusers.php groups SQL Injection.
Impresscms Impresscms
10
CVSSv2
CVE-2021-44734
Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can lead to remote code execution on the device.
Lexmark B2236 Firmware
Lexmark Mb2236 Firmware
Lexmark Ms431 Firmware
Lexmark Ms331 Firmware
Lexmark M1342 Firmware
Lexmark B3442 Firmware
Lexmark B3340 Firmware
Lexmark Xm1342 Firmware
Lexmark Mx331 Firmware
Lexmark Mx431 Firmware
Lexmark Mb3442 Firmware
Lexmark Ms321 Firmware
Lexmark Ms421 Firmware
Lexmark Ms521 Firmware
Lexmark Ms621 Firmware
Lexmark M1242 Firmware
Lexmark M1246 Firmware
Lexmark B2338 Firmware
Lexmark B2442 Firmware
Lexmark B2546 Firmware
Lexmark B2650 Firmware
Lexmark Ms622 Firmware
9.3
CVSSv2
CVE-2014-1632
htdocs/setup/index.php in Eventum prior to 2.3.5 allows remote malicious users to inject and execute arbitrary PHP code via the hostname parameter.
Eventum Project Eventum
1 EDB exploit
7.5
CVSSv2
CVE-2012-1495
install/index.php in WebCalendar prior to 1.2.5 allows remote malicious users to execute arbitrary code via the form_single_user_login parameter.
Webcalendar Project Webcalendar
2 EDB exploits
1 Github repository