Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
girex vulnerabilities and exploits
(subscribe to this query)
515
VMScore
CVE-2009-1948
Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote malicious users to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filenam...
Unclassified Newsboard 1.6.4
1 EDB exploit
785
VMScore
CVE-2009-1949
import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote malicious users to obtain sensitive information via a direct request, which reveals the installation path in an error message.
Unclassified Newsboard 1.6.4
1 EDB exploit
755
VMScore
CVE-2008-3153
SQL injection vulnerability in Triton CMS Pro allows remote malicious users to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
Tritoncms Triton Cms Pro
1 EDB exploit
685
VMScore
CVE-2008-1553
Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the to parameter.
Topper Toppermod 1.0
1 EDB exploit
685
VMScore
CVE-2008-1554
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism.
Topper Toppermod 2.0
1 EDB exploit
755
VMScore
CVE-2008-7064
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and previous versions, as used in QSF Portal prior to 1.4.5, when running on Windows, allows remote malicious users to include and execute arbitrary local files via a "\"...
Quicksilver Forums Quicksilver Forums 1.4.2
1 EDB exploit
505
VMScore
CVE-2008-6537
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote malicious users to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
Lightneasy Lightneasy 1.2
1 EDB exploit
505
VMScore
CVE-2008-6590
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote malicious users to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.
Lightneasy Lightneasy 1.2.2
Sqlite Sqlite 1.2.2
1 EDB exploit
755
VMScore
CVE-2008-6592
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and previous versions, allows remote malicious users to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_...
Sqlite Sqlite 1.2.2
Lightneasy Lightneasy 1.2.2
1 EDB exploit
755
VMScore
CVE-2008-6593
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and previous versions allows remote malicious users to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
Lightneasy Lightneasy 1.2.2
Sqlite Sqlite 1.2.2
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »