Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file inclusion vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2009-4739
PHP remote file inclusion vulnerability in index.php in SkaDate Dating allows remote malicious users to execute arbitrary PHP code via a URL in the language_id parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequenc...
Skadate Skadate Online Dating Software
1 EDB exploit
760
VMScore
CVE-2006-4278
PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote malicious users to execute arbitrary PHP code via a URL in the mainnav parameter.
Sportsphool Sportsphool 1.0
2 EDB exploits
505
VMScore
CVE-2009-4700
Directory traversal vulnerability in index.php in SkaDate Dating allows remote malicious users to read arbitrary files via a .. (dot dot) in the layout parameter.
Skadate Skadate Online Dating Software 5.0
Skadate Skadate Online Dating Software
Skadate Skadate Online Dating Software 6.482
Skadate Skadate Online Dating Software 6.0
1 EDB exploit
685
VMScore
CVE-2009-4543
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote malicious users to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. ...
Cromosoft Facil Helpdesk 2.3
1 EDB exploit
435
VMScore
CVE-2009-4699
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
Skadate Skadate Online Dating Software 6.0
Skadate Skadate Online Dating Software 6.482
Skadate Skadate Online Dating Software
Skadate Skadate Online Dating Software 5.0
1 EDB exploit
515
VMScore
CVE-2009-0595
PHP remote file inclusion vulnerability in skysilver/login.tpl.php in phpSkelSite 1.4, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary PHP code via a URL in the theme parameter.
Phpskelsite Phpskelsite 1.4
1 EDB exploit
685
VMScore
CVE-2009-2218
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents...
David Degner Phpcollegeexchange 0.1.5c
1 EDB exploit
505
VMScore
CVE-2014-6308
Directory traversal vulnerability in OSClass prior to 3.4.2 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.
Osclass Osclass
Osclass Osclass 3.4.0
1 EDB exploit
435
VMScore
CVE-2009-0594
Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO.
Apmuthu Phpskelsite 1.4
1 EDB exploit
505
VMScore
CVE-2013-3739
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
Network-weathermap .network Weathermap
Network-weathermap .network Weathermap 0.97
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »