dj7xpl vulnerabilities and exploits
NA
CVE-2007-2050
Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.
Ricargbook Ricargbook 1.2.1
1 EDB exploit
NA
CVE-2007-3630
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote malicious users to change passwords for arbitrary users via a modified password parameter.
Av Scripts Av Tutorial Script 1.0
1 EDB exploit
NA
CVE-2007-2169
Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote malicious users to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through a request to index.php.
Mozzers Subsystem Mozzers Subsystem
1 EDB exploit
NA
CVE-2007-3403
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote malicious users to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
Dreamlog Dreamlog 0.5
1 EDB exploit
NA
CVE-2007-2899
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote malicious users to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
Navboard Navboard 16
1 EDB exploit
NA
CVE-2007-2643
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Pinkcrow Designs Designs Gallery Magazin 2.0
1 EDB exploit
NA
CVE-2007-2647
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_...
Monalbum Monalbum 0.8.7
1 EDB exploit
NA
CVE-2007-2145
The imagecomments function in classes.php in MiniGal b13 allows remote malicious users to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information.
Minigal Minigal B13
1 EDB exploit
NA
CVE-2007-2154
PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
Cabron Connector Cabron Connector
1 EDB exploit
NA
CVE-2007-2157
Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Zomplog Zomplog 3.8
1 EDB exploit