Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
charles fol vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2008-6833
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) prior to 3.01b allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter.
Fuzzylime Fuzzylime \\(cms\\) 3.0.1a
Fuzzylime Fuzzylime \\(cms\\) 3.0
Fuzzylime Fuzzylime \\(cms\\) 3.0.1
1 EDB exploit
7.5
CVSSv2
CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS prior to 12.7.2_U2, 12.x prior to 12.1.3_U8, and 12.2.x up to and including 12.5.x prior to 12.5.9_U2.
Watchguard Fireware
Watchguard Fireware 12.1.3
Watchguard Fireware 12.7.2
Watchguard Fireware 12.5.9
2 Github repositories
7.5
CVSSv2
CVE-2008-7124
zKup CMS 2.0 up to and including 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote malicious users to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
Zkup Zkup 2.03
Zkup Zkup 2.01
Zkup Zkup 2.02
Zkup Zkup 2.0
2 EDB exploits
7.5
CVSSv2
CVE-2008-1507
PEEL, possibly 3.x and previous versions, has (1) a default info@peel.fr account with password admin, and (2) a default contact@peel.fr account with password cinema, which allows remote malicious users to gain administrative access.
Peel Peel
Peel Peel 1.0b
Peel Peel 2.6
Peel Peel 2.7
1 EDB exploit
7.5
CVSSv2
CVE-2008-1496
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and previous versions, allow remote malicious users to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commande...
Peel Peel 1.0b
Peel Peel 2.6
Peel Peel 2.7
1 EDB exploit
7.5
CVSSv2
CVE-2007-2556
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote malicious users to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
Nuked-klan Nuked-klan 1.7.6
2 EDB exploits
7.2
CVSSv2
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent ...
Apache Http Server
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
7 Github repositories
1 Article
6.8
CVSSv2
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vul...
Php Php
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv2
CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x prior to 8.5.11 and Drupal 8.6.x prior to 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site ...
Drupal Drupal
3 EDB exploits
28 Github repositories
1 Article
6.8
CVSSv2
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1, has a heap-based buffer overflow. This can be exploited by an ...
Libgd Libgd 2.2.5
Php Php 7.3.0
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Netapp Storage Automation Store
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »