Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kacper vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2007-6172
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote malicious users to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
Wire Plastic Design Wpquiz 2.7
1 EDB exploit
10
CVSSv2
CVE-2006-7183
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the toroot parameter.
Photography-on-the-net Exhibit Engine 2
1 EDB exploit
10
CVSSv2
CVE-2007-1643
Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR par...
Lan Management System Lan Management System
1 EDB exploit
9.3
CVSSv2
CVE-2006-6869
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and previous versions, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) ...
Maxdev Mdforum
1 EDB exploit
7.5
CVSSv2
CVE-2017-11151
A vulnerability in synotheme_upload.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to upload arbitrary files without authentication via the logo_upload action.
Synology Photo Station
Synology Photo Station 6.3-2967
1 EDB exploit
7.5
CVSSv2
CVE-2017-11153
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to gain administrator privileges via a crafted serialized payload.
Synology Photo Station 6.3-2967
Synology Photo Station
1 EDB exploit
7.5
CVSSv2
CVE-2017-11346
Zoho ManageEngine Desktop Central before build 100092 allows remote malicious users to execute arbitrary code via vectors involving the upload of help desk videos.
Zohocorp Manageengine Desktop Central
1 EDB exploit
7.5
CVSSv2
CVE-2014-9254
bb_func_unsub.php in MiniBB 3.1 prior to 20141127 uses an incorrect regular expression, which allows remote malicious users to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Minibb Minibb
1 EDB exploit
7.5
CVSSv2
CVE-2014-9173
SQL injection vulnerability in view.php in the Google Doc Embedder plugin prior to 2.5.15 for WordPress allows remote malicious users to execute arbitrary SQL commands via the gpid parameter.
Google Doc Embedder Project Google Doc Embedder
2 EDB exploits
7.5
CVSSv2
CVE-2013-0209
lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x up to and including 4.38 does not require authentication for requests to database-migration functions, which allows remote malicious users to conduct eval injection and SQL injection attacks via crafted parameters,...
Sixapart Movable Type 4.21
Sixapart Movable Type 4.22
Sixapart Movable Type 4.23
Sixapart Movable Type 4.24
Sixapart Movable Type 4.35
Sixapart Movable Type 4.36
Sixapart Movable Type 4.361
Sixapart Movable Type 4.37
Sixapart Movable Type 4.38
Sixapart Movable Type 4.25
Sixapart Movable Type 4.261
Sixapart Movable Type 4.32
Sixapart Movable Type 4.34
Sixapart Movable Type 4.28
Sixapart Movable Type 4.29
Sixapart Movable Type 4.291
Sixapart Movable Type 4.292
Sixapart Movable Type 4.26
Sixapart Movable Type 4.27
Sixapart Movable Type 4.31
Sixapart Movable Type 4.33
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »