Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cr4wl3r vulnerabilities and exploits
(subscribe to this query)
690
VMScore
CVE-2009-4435
Multiple directory traversal vulnerabilities in F3Site 2009 allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[nlang] parameter to (1) mod/poll.php and (2) mod/new.php.
Compmaster.prv.pl F3site 2009
2 EDB exploits
435
VMScore
CVE-2010-1112
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote malicious users to inject arbitrary web script or HTML via the cat parameter.
Tristan Barczyk Klonews 2.0
1 EDB exploit
755
VMScore
CVE-2009-4779
Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/.
Robert Garrigos Nukehall
Robert Garrigos Nukehall 0.2.1
Robert Garrigos Nukehall 0.3
Robert Garrigos Nukehall 0.2
1 EDB exploit
685
VMScore
CVE-2010-1346
SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
Ribafs Mini Cms Ribafs 1.0
1 EDB exploit
755
VMScore
CVE-2010-1366
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters.
Uiga Fan Club 1.0
1 EDB exploit
755
VMScore
CVE-2010-2134
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Http-solution Project Man 1.0
1 EDB exploit
685
VMScore
CVE-2010-2138
Multiple directory traversal vulnerabilities in ProMan 0.1.1 and previous versions allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) m...
Giaard Proman 0.1.0
Giaard Proman
1 EDB exploit
685
VMScore
CVE-2010-1737
PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary PHP code via a URL in the config[gfwroot] parameter.
Carlos Eduardo Sotelo Pinto 0.1.0
1 EDB exploit
755
VMScore
CVE-2009-4220
PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter.
Raphael Mazoyer Pointcomma 3.8
Raphael Mazoyer Pointcomma 3.1.1
Raphael Mazoyer Pointcomma 3.1
Raphael Mazoyer Pointcomma 3.5
Raphael Mazoyer Pointcomma 3.51
Raphael Mazoyer Pointcomma 3.6
Raphael Mazoyer Pointcomma 3.53
Raphael Mazoyer Pointcomma
1 EDB exploit
755
VMScore
CVE-2009-4223
PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
Gianni Tommasi Kr-php Web Content Server
Gianni Tommasi Kr-php Web Content Server 1.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »