Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netvigilance.com vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2007-4873
SimpNews 2.41.03 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download arbitrary .inc files via a direct request, as demonstrated by admin/includes/dbtables.inc.
Simplenews Simplenews 2.41.03
605
VMScore
CVE-2007-3652
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote malicious users to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.
Fascript Faname 1.0
570
VMScore
CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the page parameter.
Ibm Websphere Portal 1.0
231
VMScore
CVE-2007-3129
Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote malicious users to inject arbitrary web script or HTML via the password parameter.
Utopia Software Utopia News Pro
383
VMScore
CVE-2007-0607
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote malicious users to obtain application path information via a direct request.
W-agora W-agora 4.2.1
515
VMScore
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote malicious users to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extensio...
Advanced Guestbook Advanced Guestbook 2.4.2
1 EDB exploit
435
VMScore
CVE-2007-4862
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote malicious users to inject arbitrary web script or HTML via the config[news_url] parameter.
Quirm Saxon 5.4
1 EDB exploit
685
VMScore
CVE-2007-4863
SQL injection vulnerability in example.php in SAXON 5.4 allows remote malicious users to execute arbitrary SQL commands via the template parameter.
Quirm Saxon 5.4
1 EDB exploit
585
VMScore
CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote malicious users to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
Jetbox Jetbox Cms 2.1
1 EDB exploit
515
VMScore
CVE-2007-1899
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote malicious users to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via ...
Mywebland Mybloggie 2.1.6
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »