Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

byalbayx vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2009-0458
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote malicious users to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details ...
Wholehogsoftware Ware Support 1.0
NA
CVE-2009-0459
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote malicious users to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of ...
Wholehogsoftware Password Protect 1.0
NA
CVE-2009-4202
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
Omilenitsolutions Com Omphotogallery 0.5
NA
CVE-2009-2022
fipsCMS Light 2.1 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database file and obtain sensitive information via a direct request for _fipsdb/db.mdb.
Fipsasp Fipscms Light 2.1
NA
CVE-2009-1748
Multiple directory traversal vulnerabilities in index.php in Catviz 0.4.0 Beta 1 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) webpages_form or (2) userman_form parameter.
Joost Horward Catviz 0.4.0
NA
CVE-2009-1752
exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote malicious users to gain privileges a direct request. NOTE: some of these details are obtained from third party information.
Exjune Office Message System 1
NA
CVE-2009-1850
SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote malicious users to execute arbitrary SQL commands via the password parameter.
Benjamin Curtis Phpbugtracker 1.0.3
NA
CVE-2009-0252
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote malicious users to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are o...
Enthrallweb Ereservations
NA
CVE-2009-1495
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for data/db.mdb.
Webfileexplorer Web File Explorer 3.1
NA
CVE-2009-0602
Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi 1.11 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/.
Wikkitikkitavi Wikkitikkitavi 1.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook