Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
blackh vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-3303
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote malicious users to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
Tuxplanet Bilboblog 0.2.1
1 EDB exploit
NA
CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8, and previous versions does not require administrative authentication for admin/sqlpatch.php, which allows remote malicious users to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of passw...
Zen-cart Zen Cart 1.3.6
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.1.3
Zen-cart Zen Cart 1.1.0
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart 1.3.7
Zen-cart Zen Cart
Zen-cart Zen Cart 1.3.8
1 EDB exploit
NA
CVE-2009-2255
Zen Cart 1.3.8a, 1.3.8, and previous versions does not require administrative authentication for admin/record_company.php, which allows remote malicious users to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO...
Zen-cart Zen Cart 1.2.4d
Zen-cart Zen Cart 1.2.1d
Zen-cart Zen Cart 1.2.0d
Zen-cart Zen Cart
Zen-cart Zen Cart 1.3.8
Zen-cart Zen Cart 1.1.3
Zen-cart Zen Cart 1.1.0
Zen-cart Zen Cart 1.3.7
Zen-cart Zen Cart 1.3.6
1 EDB exploit
NA
CVE-2008-3301
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote malicious users t...
Tuxplanet Bilboblog 0.2.1
1 EDB exploit
NA
CVE-2008-3302
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
Tuxplanet Bilboblog 0.2.1
1 EDB exploit
NA
CVE-2008-3304
BilboBlog 0.2.1 allows remote malicious users to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
Tuxplanet Bilboblog 0.2.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started