Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netvigilance.com vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Ibm Websphere Portal 1.0
2.6
CVSSv2
CVE-2007-3129
Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote malicious users to inject arbitrary web script or HTML via the password parameter.
Utopia Software Utopia News Pro
6.8
CVSSv2
CVE-2007-3652
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
Fascript Faname 1.0
4.3
CVSSv2
CVE-2007-0607
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote malicious users to obtain application path information via a direct request.
W-agora W-agora 4.2.1
5
CVSSv2
CVE-2007-4873
SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
Simplenews Simplenews 2.41.03
5.1
CVSSv2
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote malicious users to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extensio...
Advanced Guestbook Advanced Guestbook 2.4.2
1 EDB exploit
4.3
CVSSv2
CVE-2007-4862
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote malicious users to inject arbitrary web script or HTML via the config[news_url] parameter.
Quirm Saxon 5.4
1 EDB exploit
6.8
CVSSv2
CVE-2007-4863
SQL injection vulnerability in example.php in SAXON 5.4 allows remote malicious users to execute arbitrary SQL commands via the template parameter.
Quirm Saxon 5.4
1 EDB exploit
4.3
CVSSv2
CVE-2007-0605
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote malicious users to inject arbitrary web script or HTML via the picture parameter.
Advanced Guestbook Advanced Guestbook 2.4.2
1 EDB exploit
5.8
CVSSv2
CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote malicious users to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
Jetbox Jetbox Cms 2.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »