Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
br0ly vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-1814
SQL injection vulnerability in mail.php in PHPenpals 1.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
Jevontech Phpenpals
1 EDB exploit
NA
CVE-2009-2081
Directory traversal vulnerability in help.php in phpWebThings 1.5.2 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the module parameter.
Phpwebthings Phpwebthings 1.5.1
Phpwebthings Phpwebthings 1.5.0
Phpwebthings Phpwebthings 0.4.1
Phpwebthings Phpwebthings 0.4
Phpwebthings Phpwebthings 0.6.0
Phpwebthings Phpwebthings 0.4.2
Phpwebthings Phpwebthings 1.4
Phpwebthings Phpwebthings
Phpwebthings Phpwebthings 0.3
Phpwebthings Phpwebthings 0.2b
Phpwebthings Phpwebthings 1.1a
Phpwebthings Phpwebthings 1.0
Phpwebthings Phpwebthings 0.2
Phpwebthings Phpwebthings 0.1
1 EDB exploit
NA
CVE-2009-2095
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, dir...
Mundi King Mundi Mail 0.8.2
1 EDB exploit
NA
CVE-2009-2101
Directory traversal vulnerability in archive.php in TorrentVolve 1.4, when register_globals is enabled, allows remote malicious users to delete arbitrary files via a .. (dot dot) in the deleteTorrent parameter.
Castro Xl Torrentvolve 1.4
1 EDB exploit
NA
CVE-2009-2033
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote malicious users to inject arbitrary web script or HTML via the msg parameter.
Ricardo Alexandre De Oliveira Staudt Yogurt 0.3
1 EDB exploit
NA
CVE-2009-2034
SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.
Ricardo Alexandre De Oliveira Staudt Yogurt 0.3
1 EDB exploit
NA
CVE-2009-4940
SQL injection vulnerability in index.php in Zeus Cart 2.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
Zeuscart Zeuscart 2.3
1 EDB exploit
NA
CVE-2009-1768
Directory traversal vulnerability in download.php in Rama Zaiten CMS 0.9.8 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Ramazeiten Ramazaitencms0.9.7.5
Ramazeiten Ramazaitencms0.9.8
Ramazeiten Ramazaitencms0.9.7.8
Ramazeiten Ramazaitencms0.9.7.6
1 EDB exploit
NA
CVE-2009-2599
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote malicious users to execute arbitrary SQL commands via the seller parameter in a search action.
Radscripts Radclassifieds 2.0
1 EDB exploit
NA
CVE-2009-2641
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote malicious users to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .....
Rich White School Data Nav
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started