Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dj7xpl vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2007-4934
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote malicious users to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php.
Phpffl Phpffl 1.24
1 EDB exploit
7.5
CVSSv2
CVE-2007-1933
Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.
Dreamcodes Pcp-guestbook 3.0
1 EDB exploit
6.8
CVSSv2
CVE-2007-1937
PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the config parameter.
Dreamcodes Scorp Book 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2007-1998
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote malicious users to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
Hiox India Guest Book 4.0
1 EDB exploit
6.8
CVSSv2
CVE-2007-1908
PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote malicious users to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
Php121 Php121 Instant Messenger 2.2
1 EDB exploit
4.3
CVSSv2
CVE-2007-1479
Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote malicious users to inject arbitrary web script or HTML via an unspecified parameter.
Creative Guestbook Creative Guestbook 1.0
1 EDB exploit
5
CVSSv2
CVE-2007-1487
Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action.
Cyber Inside Weblog
Cyberteddy Weblog
Sascha Schroeder Weblog
1 EDB exploit
7.5
CVSSv2
CVE-2007-3403
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote malicious users to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
Dreamlog Dreamlog 0.5
1 EDB exploit
10
CVSSv2
CVE-2008-0246
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote malicious users to gain administrator privileges via the pass parameter in a nopass (Set Password) action.
Uploadscript Uploadscript 1.0
Uploadscript Uploadimage 1.0
1 EDB exploit
10
CVSSv2
CVE-2007-1795
JCcorp URLshrink 1.3.1 allows remote malicious users to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Jccorp Urlshrink 1.3.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »