Vulmon
arbitrary vulnerabilities and exploits
VMScore: 505
CVE-2008-6815
mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote malicious users to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup.
Myktools Myktools 2.4
1 EDB exploit
VMScore: 685
CVE-2008-6911
SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.i...
Brewblogger Brewblogger 2.1.0.1
1 EDB exploit
VMScore: 685
CVE-2008-6918
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/.
Theportal2.pl Theportal2 2.2
1 EDB exploit
VMScore: 755
CVE-2008-6952
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the c parameter.
Cms.maury91 Maurycms 0.53.2
1 EDB exploit
VMScore: 685
CVE-2008-6660
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote malicious users to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of...
Ozerov Bigdump 029b
1 EDB exploit
VMScore: 935
CVE-2008-6731
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
China-on-site Flexphplink 0.0.7
1 EDB exploit
VMScore: 505
CVE-2014-9436
Absolute path traversal vulnerability in SysAid On-Premise prior to 14.4.2 allows remote malicious users to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
Sysaid Sysaid
1 EDB exploit
VMScore: 534
CVE-2014-3782
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear prior to 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some ...
Dotclear Dotclear 2.6.1
Dotclear Dotclear 2.6
Dotclear Dotclear
VMScore: 187
CVE-2015-6591
Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and previous versions allows local users to read arbitrary files via the s parameter.
Freereprintables Articlefr
VMScore: 755
CVE-2009-3949
cp/profile.php in VivaPrograms Infinity 2.0.5 and previous versions does not require administrative authentication for the donewauthor action, which allows remote malicious users to create administrative accounts via the name, password, and conf_password parameters.
Vivaprograms Infinity Script
Vivaprograms Infinity Script 2.0.0
1 EDB exploit