Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qabandi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2922
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 up to and including 2.3.5 allows remote malicious users to read arbitrary files via a base64-encoded file parameter.
Pixaria Pixaria Gallery 2.3.5
Pixaria Pixaria Gallery 2.0.0
1 EDB exploit
NA
CVE-2009-2132
Directory traversal vulnerability in global.php in 4images prior to 1.7.7, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the l parameter.
4homepages 4images 1.6
4homepages 4images 1.5
4homepages 4images 1.7
4homepages 4images 1.7.3
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images 1.0
4homepages 4images
4homepages 4images 1.7.1
4homepages 4images 1.7.2
4homepages 4images 1.6.1
1 EDB exploit
NA
CVE-2009-1742
code.php in PC4Arb Pc4 Uploader 9.0 and previous versions makes it easier for remote malicious users to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON"...
Pc4arb Pc4 Uploader
1 EDB exploit
NA
CVE-2009-3430
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Mobile 2.5
1 EDB exploit
NA
CVE-2009-2605
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote malicious users to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
Traidnt Traidnt Up 2.0
1 EDB exploit
NA
CVE-2009-4206
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Cmsnx Million Dollar Text Links
1 EDB exploit
NA
CVE-2009-4735
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Audio \\& Video Library 2.7.0
1 EDB exploit
NA
CVE-2009-4673
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Mole-group Adult Portal Script -
1 EDB exploit
NA
CVE-2009-4987
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote malicious users to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
Scripteen Free Image Hosting Script 2.3
1 EDB exploit
NA
CVE-2009-2131
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and previous versions allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
4homepages 4images 1.7.1
4homepages 4images 1.7
4homepages 4images 1.6.1
4homepages 4images 1.5
4homepages 4images 1.7.3
4homepages 4images 1.7.6
4homepages 4images 1.0
4homepages 4images 1.7.2
4homepages 4images 1.6
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »