Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gammarays vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-2149
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and previous versions stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the ...
Stephen Craton Chatness
1 EDB exploit
NA
CVE-2007-2141
Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote malicious users to inject arbitrary PHP code into shouts.php via the shout parameter.
Shoutpro Shoutpro
1 EDB exploit
NA
CVE-2007-2147
admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and previous versions does not check for administrative credentials, which allows remote malicious users to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.
Stephen Craton Chatness
1 EDB exploit
NA
CVE-2007-2092
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote malicious users to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained sole...
Limesoft Limesoft Guestbook 1.0
1 EDB exploit
NA
CVE-2007-2093
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote malicious users to inject arbitrary PHP code into posts.txt via the message parameter.
Limesoft Limesoft Guestbook 1.0
1 EDB exploit
NA
CVE-2007-2148
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and previous versions allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, wh...
Stephen Craton Chatness
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started