Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
securitylab.ir vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2558
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote malicious users to post news messages via a direct request.
Adminnewstools Admin News Tools 2.5
1 EDB exploit
NA
CVE-2009-1446
Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of...
Elkagroup Image Gallery 1.0
1 EDB exploit
NA
CVE-2009-1622
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote malicious users to execute arbitrary SQL commands via the order_sn parameter in an order_query action.
Ecshop Ecshop 2.5.0
1 EDB exploit
NA
CVE-2009-2915
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote malicious users to execute arbitrary SQL commands via the gameid parameter in a content action.
2fly Gift Delivery System 6.0
1 EDB exploit
NA
CVE-2009-3124
Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote malicious users to read arbitrary files via a .. (dot dot) in the tf parameter.
Ipmotor Quarkmail -
1 EDB exploit
NA
CVE-2009-3173
Unrestricted file upload vulnerability in admin/add_album.php in The Rat CMS Alpha 2 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/.
Theratstudios The Rat Cms 2
1 EDB exploit
NA
CVE-2009-1764
SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter in a digg action.
Bokecc Maxcms 2.0
1 EDB exploit
NA
CVE-2009-1818
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote malicious users to execute arbitrary SQL commands via an m_username cookie in an add action.
Maxcms Maxcms 2.0
1 EDB exploit
NA
CVE-2009-4665
Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Cutesoft Components Cute Editor For Asp.net
1 EDB exploit
NA
CVE-2009-2557
Directory traversal vulnerability in system/download.php in Admin News Tools 2.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the fichier parameter.
Adminnewstools Admin News Tools 2.5
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »