Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
injector5 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-6367
Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/.
Socialgroupie Social Groupie -
1 EDB exploit
NA
CVE-2008-6518
Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request.
Vidiscript Vidiscript -
1 EDB exploit
NA
CVE-2008-7117
eledicss.php in WeBid auction script 0.5.4 allows remote malicious users to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
Webidsupport Webid 0.5.4
1 EDB exploit
NA
CVE-2008-7118
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain SQL query logs via a direct request for logs/cron.log.
Webidsupport Webid 0.5.4
1 EDB exploit
NA
CVE-2008-5921
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Umerinc Songs Portal
1 EDB exploit
NA
CVE-2008-6003
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote malicious users to execute arbitrary SQL commands via the seller_id parameter.
Aj Square Aj Auction 2.0
1 EDB exploit
NA
CVE-2008-6004
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote malicious users to inject arbitrary web script or HTML via the product parameter.
Aj Square Aj Auction 2.0
1 EDB exploit
NA
CVE-2008-6225
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote malicious users to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread...
Mole-group Airline Ticket Sale Script -
1 EDB exploit
NA
CVE-2008-2537
SQL injection vulnerability in cat.php in HispaH Model Search allows remote malicious users to execute arbitrary SQL commands via the cat parameter.
Hispah Model Search
1 EDB exploit
NA
CVE-2008-7021
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unsp...
Availscript Jobs Portal Script -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »