Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liz0zim vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-6414
admin/administrator.php in Adult Script 1.6 and previous versions sends a redirect to the web browser but does not exit, which allows remote malicious users to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitr...
Adultscript Adultscript 1.6
1 EDB exploit
9.3
CVSSv2
CVE-2007-6082
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote malicious users to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
Sciurus Sciurus Hosting Panel 2.0.3
1 EDB exploit
6.8
CVSSv2
CVE-2007-1906
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
Ecardmax.com Hot Editor 4.0
Mybb Mybb Hot Editor Plugin
1 EDB exploit
7.5
CVSSv2
CVE-2006-5765
SQL injection vulnerability in rss.php in Article Script 1.6.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the category parameter.
Article Script Article Script
1 EDB exploit
7.5
CVSSv2
CVE-2006-3158
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote malicious users to bypass security checks and upload or execute arbitrary php code via the add action.
Eduha Meeting Eduha Meeting
1 EDB exploit
4.3
CVSSv2
CVE-2006-1697
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote malicious users to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
Matt Wright Matt Wright Guestbook
1 EDB exploit
2.6
CVSSv2
CVE-2006-1701
Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote malicious users to inject arbitrary web script or HTML via the page parameter to load.php.
Shadowed Portal Shadowed Portal
1 EDB exploit
4.3
CVSSv2
CVE-2006-1070
Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote malicious users to inject arbitrary web script or HTML via the f parameter.
Dvguestbook Dvguestbook 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2006-1071
Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote malicious users to inject arbitrary web script or HTML via the page parameter.
Dvguestbook Dvguestbook 1.2.2
1 EDB exploit
7.5
CVSSv2
CVE-2006-1007
Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote malicious users to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php.
Nathan Landry N8cms Sitesuite Cms 1.1
Nathan Landry N8cms Sitesuite Cms 1.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »