Vulmon
qabandi vulnerabilities and exploits
NA
CVE-2009-2167
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Egyplus 7ammel
1 EDB exploit
9.8
CVSSv3
CVE-2009-2168
cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and previous versions sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote malicious users to bypass authentication by providing arbitrary username and password pa...
Egyplus 7ammel
1 EDB exploit
NA
CVE-2009-2180
Multiple directory traversal vulnerabilities in upfiles/index.php in Pc4 Uploader 10.0 and previous versions allow remote malicious users to read arbitrary files via (1) a .. (dot dot) or (2) absolute path in the file parameter.
Pc4arb Pc4 Uploader 10.0
1 EDB exploit
NA
CVE-2009-2585
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote malicious users to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
Mlffat Mlffat 2.2
1 EDB exploit
NA
CVE-2009-2605
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote malicious users to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
Traidnt Traidnt Up 2.0
1 EDB exploit
NA
CVE-2009-4987
admin/header.php in Scripteen Free Image Hosting Script 2.3 allows remote malicious users to bypass authentication and gain administrative access by setting the cookgid cookie value to 1, a different vector than CVE-2008-3211.
Scripteen Free Image Hosting Script 2.3
1 EDB exploit
NA
CVE-2009-3430
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Mobile 2.5
1 EDB exploit
NA
CVE-2008-4622
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote malicious users to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
Phpfastnews Phpfastnews 1.0.0
1 EDB exploit
NA
CVE-2009-1742
code.php in PC4Arb Pc4 Uploader 9.0 and previous versions makes it easier for remote malicious users to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON"...
Pc4arb Pc4 Uploader
1 EDB exploit
NA
CVE-2009-3358
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Tourismscripts Adult Portal Escort Listing
2 EDB exploits