Vulmon
cold zero vulnerabilities and exploits
10
CVSSv2
CVE-2008-0251
Unrestricted file upload vulnerability in PhotoPost vBGallery prior to 2.4.2 allows remote malicious users to upload and execute arbitrary files via unknown vectors.
Photopost Photopost Vbgallery
1 EDB exploit
6.5
CVSSv2
CVE-2008-7088
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a cer...
Photopost Photopost Vbgallery 2.4.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-0568
PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote malicious users to execute arbitrary PHP code via a URL in the gl_root parameter.
Myphpcommander Myphpcommander 2.0
1 EDB exploit
5
CVSSv2
CVE-2008-5780
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the database file containing passwords via a direct request for blog.mdb.
Hostforest Forest Blog 1.3.2
1 EDB exploit
5
CVSSv2
CVE-2008-6057
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote malicious users to obtain passwords via a direct request.
Liberum Liberum Help Desk 0.97.3
1 EDB exploit
7.5
CVSSv2
CVE-2007-2941
Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote malicious users to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitema...
Michael Brandon Vbgsitemap 2.41
1 EDB exploit
6.8
CVSSv2
CVE-2007-2049
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
Mambo Mambo Calendar 1.5.5
1 EDB exploit
7.5
CVSSv2
CVE-2007-4952
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote malicious users to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
Omnistar Interactive Omnistar Article Manager
1 EDB exploit
7.5
CVSSv2
CVE-2007-3932
uploadimg.php in the Expose RC35 and previous versions (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote malicious users to upload and execute arbitrary PHP code in the img/ folder...
Joomla Expose
1 EDB exploit
7.5
CVSSv2
CVE-2007-3583
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the idnew parameter.
Girlserv Girlserv Ads
1 EDB exploit