elwaux vulnerabilities and exploits
NA
CVE-2009-3825
Multiple directory traversal vulnerabilities in GenCMS 2006 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) p parameter to show.php and the (2) Template parameter to admin/pages/SiteNew.php.
Thomas Graber Gencms 2006
1 EDB exploit
NA
CVE-2009-3754
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
Kreotek Phpbms 0.96
1 EDB exploit
NA
CVE-2009-3755
Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledefs_options.php, and ...
Kreotek Phpbms 0.96
1 EDB exploit
NA
CVE-2009-3756
phpBMS 0.96 allows remote malicious users to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.
Kreotek Phpbms 0.96
1 EDB exploit
NA
CVE-2009-3149
Directory traversal vulnerability in _css/js.php in Elgg 1.5, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the js parameter. NOTE: some of these details are obtained from third party information.
Curveriderhq Elgg 1.5
1 EDB exploit
NA
CVE-2009-2383
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote malicious users to execute arbitrary SQL commands via the guid parameter.
Blogtrafficexchange Related-sites 2.1
1 EDB exploit
NA
CVE-2009-2385
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote malicious users to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some ...
Fustrate Member Awards 1.0.2
1 EDB exploit
NA
CVE-2009-2326
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leverage...
Max Kervin Kervinet Forum
1 EDB exploit
NA
CVE-2009-2327
Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.
Max Kervin Kervinet Forum
1 EDB exploit
NA
CVE-2009-2328
admin/edit_user.php in KerviNet Forum 1.1 and previous versions does not require administrative authentication, which allows remote malicious users to delete arbitrary accounts and conduct SQL injection attacks via the del_user_id parameter.
Max Kervin Kervinet Forum
1 EDB exploit