Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
code injection vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1349
Eval injection vulnerability in ajax.php in openSIS 4.5 up to and including 5.2 allows remote malicious users to execute arbitrary PHP code via the modname parameter.
Os4ed Opensis 4.5
Os4ed Opensis 4.6
Os4ed Opensis 4.7
Os4ed Opensis 4.8
Os4ed Opensis 4.8.1
Os4ed Opensis 4.9
Os4ed Opensis 5.0
Os4ed Opensis 5.1
Os4ed Opensis 5.2
1 EDB exploit
NA
CVE-2003-0495
Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote malicious users to insert arbitrary web script via a news item.
Ledscripts.com Lednews 0.7
1 EDB exploit
NA
CVE-2006-4978
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
Walter Beschmout Phpquiz
1 EDB exploit
NA
CVE-2006-4865
Walter Beschmout PhpQuiz allows remote malicious users to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.
Phpquiz Phpquiz
1 EDB exploit
NA
CVE-2007-1947
Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension prior to 1.04 for Mozilla Firefox allows remote malicious users to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the...
Parakey Inc. Firebug
1 EDB exploit
NA
CVE-2007-2141
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote malicious users to inject arbitrary PHP code into shouts.php via the shout parameter.
Shoutpro Shoutpro
1 EDB exploit
NA
CVE-2002-1481
savesettings.php in phpGB 1.20 and previous versions does not require authentication, which allows remote malicious users to cause a denial of service or execute arbitrary PHP code by using savesettings.php to modify config.php.
Phpgb Phpgb 1.10
Phpgb Phpgb 1.20
1 EDB exploit
NA
CVE-2007-6082
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote malicious users to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
Sciurus Sciurus Hosting Panel 2.0.3
1 EDB exploit
NA
CVE-2011-1412
sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x prior to 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.
Ioquake3 Ioquake3 Engine
Openarena Openarena 0.8.x-15
Openarena Openarena 0.8.x-16
Worldofpadman World Of Padman 1.5
NA
CVE-2012-5231
miniCMS 1.0 and 2.0 allows remote malicious users to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing f...
Jessgramp Minicms 1.0
Jessgramp Minicms 2.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »