Vulmon
ka0x vulnerabilities and exploits
5
CVSSv2
CVE-2008-0329
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote malicious users to accept comments, delete comments, and delete articles via the id parameter.
Julien Plesniak Lulieblog 1.0.1
Julien Plesniak Lulieblog 1.0.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-5123
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote malicious users to execute arbitrary SQL commands via the nota_id parameter.
Solidweb Novus 1.0
1 EDB exploit
6.8
CVSSv2
CVE-2007-5408
SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote malicious users to execute arbitrary SQL commands via the category parameter.
Cplinks Cpdynalinks 1.02
1 EDB exploit
7.5
CVSSv2
CVE-2008-0918
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote malicious users to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the prov...
Astats Astatspro 1.0.1
Joomla Com Astatspro 1.0.1
1 EDB exploit
7.5
CVSSv2
CVE-2008-4134
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and previous versions, and possibly other versions prior to 0.05, allows remote malicious users to execute arbitrary PHP code via a URL in the INC parameter.
Phprealty Phprealty 0.023
Phprealty Phprealty 0.022
Phprealty Phprealty
Phprealty Phprealty 0.021
1 EDB exploit
6.8
CVSSv2
CVE-2008-4145
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the category_id parameter.
Addalink Addalink
1 EDB exploit
7.5
CVSSv2
CVE-2007-6128
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote malicious users to execute arbitrary SQL commands via the idevent parameter.
Flor De Utopia Workingonweb 2.0.1400
1 EDB exploit
7.5
CVSSv2
CVE-2008-0839
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Astats Astatspro 1.0
Joomla Com Astatspro 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-0219
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote malicious users to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
Php Webquest Php Webquest 2.6
1 EDB exploit
6.8
CVSSv2
CVE-2008-0254
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the userName parameter.
Wavelink Media Tutorialcms 1.02
1 EDB exploit