Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

br0ly vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2009-1814
SQL injection vulnerability in mail.php in PHPenpals 1.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
Jevontech Phpenpals
NA
CVE-2009-2081
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the module parameter.
Phpwebthings Phpwebthings 1.5.1Phpwebthings Phpwebthings 1.5.0Phpwebthings Phpwebthings 0.4.1Phpwebthings Phpwebthings 0.4Phpwebthings Phpwebthings 0.6.0Phpwebthings Phpwebthings 0.4.2Phpwebthings Phpwebthings 1.4Phpwebthings PhpwebthingsPhpwebthings Phpwebthings 0.3Phpwebthings Phpwebthings 0.2bPhpwebthings Phpwebthings 1.1aPhpwebthings Phpwebthings 1.0Phpwebthings Phpwebthings 0.2Phpwebthings Phpwebthings 0.1
NA
CVE-2009-2095
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, dir...
Mundi King Mundi Mail 0.8.2
NA
CVE-2009-2101
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote malicious users to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter.
Castro Xl Torrentvolve 1.4
NA
CVE-2009-2033
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote malicious users to inject arbitrary web script or HTML via the msg parameter.
Ricardo Alexandre De Oliveira Staudt Yogurt 0.3
NA
CVE-2009-2034
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
Ricardo Alexandre De Oliveira Staudt Yogurt 0.3
NA
CVE-2009-4940
SQL injection vulnerability in index.php in Zeus Cart 2.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
Zeuscart Zeuscart 2.3
NA
CVE-2009-1768
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Ramazeiten Ramazaitencms0.9.7.5Ramazeiten Ramazaitencms0.9.8Ramazeiten Ramazaitencms0.9.7.8Ramazeiten Ramazaitencms0.9.7.6
NA
CVE-2009-2599
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote malicious users to execute arbitrary SQL commands via the seller parameter in a search action.
Radscripts Radclassifieds 2.0
NA
CVE-2009-2641
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote malicious users to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .....
Rich White School Data Nav
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000CVE-2024-4439unauthorizedCVE-2024-0042CVE-2024-31848CVE-2023-40694cache poisoningCVE-2024-23707firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook