blackhawk vulnerabilities and exploits
NA
CVE-2006-6785
The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and previous versions do not exit when authentication fails, which allows remote malicious users to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulne...
Open Newsletter Open Newsletter 2.0
Open Newsletter Open Newsletter
1 EDB exploit
NA
CVE-2006-6786
Open Newsletter 2.5 and previous versions allow remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
Open Newsletter Open Newsletter
Open Newsletter Open Newsletter 2.0
1 EDB exploit
NA
CVE-2007-2776
AlstraSoft Template Seller Pro 3.25 and previous versions send a redirect to the web browser but do not exit when administrative credentials are missing, which allows remote malicious users to inject a credential variable setting and obtain administrative access via a direct r...
Alstrasoft Template Seller
1 EDB exploit
NA
CVE-2007-2777
Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and previous versions allows remote malicious users to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
Alstrasoft Template Seller
1 EDB exploit
NA
CVE-2007-2003
InoutMailingListManager 3.1 and previous versions send a Location redirect header but do not exit after an authorization check fails, which allows remote malicious users to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redi...
Inoutmailinglistmanager Inoutmailinglistmanager
1 EDB exploit
NA
CVE-2007-2004
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.
Inoutmailinglistmanager Inoutmailinglistmanager
1 EDB exploit
NA
CVE-2007-2081
MyBlog 0.9.8 and previous versions allow remote malicious users to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.
Myblog Myblog
1 EDB exploit
NA
CVE-2007-2371
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and previous versions provides access to configuration modification before login, which allows remote malicious users to cause a denial of service (loss of configuration data), and possibly perform direct static code ...
Gregory Kokanosky Phpmynewsletter
1 EDB exploit
NA
CVE-2007-2372
admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and previous versions prints a Location header but does not exit when administrative credentials are missing, which allows remote malicious users to compose an e-mail message via a post with the subject, message, f...
Gregory Kokanosky Phpmynewsletter
1 EDB exploit
NA
CVE-2007-2824
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and previous versions allows remote malicious users to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
Alstrasoft E-friends
1 EDB exploit