Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
charles fol vulnerabilities and exploits
(subscribe to this query)
1000
VMScore
CVE-2008-6833
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) prior to 3.01b allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter.
Fuzzylime Fuzzylime \\(cms\\) 3.0.1a
Fuzzylime Fuzzylime \\(cms\\) 3.0
Fuzzylime Fuzzylime \\(cms\\) 3.0.1
1 EDB exploit
760
VMScore
CVE-2008-7124
zKup CMS 2.0 up to and including 2.3 does not require administrative authentication for admin/configuration/modifier.php, which allows remote malicious users to gain administrator privileges via a direct request, as demonstrated by adding a new administrator.
Zkup Zkup 2.03
Zkup Zkup 2.01
Zkup Zkup 2.02
Zkup Zkup 2.0
2 EDB exploits
760
VMScore
CVE-2007-2556
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote malicious users to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
Nuked-klan Nuked-klan 1.7.6
2 EDB exploits
755
VMScore
CVE-2008-1507
PEEL, possibly 3.x and previous versions, has (1) a default info@peel.fr account with password admin, and (2) a default contact@peel.fr account with password cinema, which allows remote malicious users to gain administrative access.
Peel Peel
Peel Peel 1.0b
Peel Peel 2.6
Peel Peel 2.7
1 EDB exploit
755
VMScore
CVE-2008-1496
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and previous versions, allow remote malicious users to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commande...
Peel Peel 1.0b
Peel Peel 2.6
Peel Peel 2.7
1 EDB exploit
727
VMScore
CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent ...
Apache Http Server
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Opensuse Leap 42.3
Opensuse Leap 15.0
1 EDB exploit
7 Github repositories
1 Article
703
VMScore
CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x prior to 8.5.11 and Drupal 8.6.x prior to 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site ...
Drupal Drupal
3 EDB exploits
28 Github repositories
1 Article
685
VMScore
CVE-2019-6977
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1, has a heap-based buffer overflow. This can be exploited by an ...
Libgd Libgd 2.2.5
Php Php 7.3.0
Php Php
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Netapp Storage Automation Store
1 EDB exploit
685
VMScore
CVE-2008-7123
Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 up to and including 2.3 allows remote malicious users to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the ...
Zkup Zkup 2.0
Zkup Zkup 2.01
Zkup Zkup 2.02
Zkup Zkup 2.03
1 EDB exploit
685
VMScore
CVE-2008-6657
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 prior to 1.0.15 and 1.1 prior to 1.1.7 allows remote malicious users to hijack the authentication of admins for requests that install packages via the package parameter in an install2 ...
Simple Machines Simple Machines Forum 1.0.5
Simple Machines Simple Machines Forum 1.0.12
Simple Machines Simple Machines Forum 1.1.3
Simple Machines Simple Machines Forum 1.1.4
Simple Machines Simple Machines Forum 1.1 Rc1
Simple Machines Simple Machines Forum 1.1 Rc2
Simple Machines Simple Machines Forum 1.1.1
Simple Machines Simple Machines Forum 1.0.11
Simple Machines Simple Machines Forum 1.1 Rc3
Simple Machines Simple Machines Forum 1.1.2
Simple Machines Simple Machines Forum 1.0.6
Simple Machines Simple Machines Forum 1.0.7
Simple Machines Simple Machines Forum 1.1.5
Simple Machines Simple Machines Forum 1.1.6
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »