Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pepelux vulnerabilities and exploits
(subscribe to this query)
940
VMScore
CVE-2008-4499
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and previous versions allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
Php Web Explorer Php Web Explorer Lite
Php Web Explorer Php Web Explorer Lite 0.99a
2 EDB exploits
755
VMScore
CVE-2008-6083
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
Txtshop Txtshop 1.0
1 EDB exploit
505
VMScore
CVE-2008-4146
Addalink 1.0 beta 4 and previous versions allows remote malicious users to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field.
Addalink Addalink
1 EDB exploit
435
VMScore
CVE-2008-6012
Directory traversal vulnerability in index.php in Pritlog 0.4 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter in a viewEntry action.
Hardkap Pritlog
Hardkap Pritlog 0.3
Hardkap Pritlog 0.2
1 EDB exploit
755
VMScore
CVE-2008-6180
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and previous versions, and possibly 3.3.1, allows remote malicious users to execute arbitrary SQL commands via the nlb3 cookie.
Newlife Blogger Newlife Blogger
Newlife Blogger Newlife Blogger 3.3.1
1 EDB exploit
755
VMScore
CVE-2008-4341
add.php in MyBlog 0.9.8 and previous versions allows remote malicious users to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin.
Myblog Myblog
1 EDB exploit
685
VMScore
CVE-2008-4484
main.php in Crux Gallery 1.32 and previous versions allows remote malicious users to gain administrative access by setting the name parameter to "users," as demonstrated via index.php.
Crux Software Gallery 1.31
Crux Software Gallery 1.30
Crux Software Gallery 1.2
Crux Software Gallery 1.1
Crux Software Gallery 1.0
Crux Software Gallery
Crux Software Gallery 1.32
1 EDB exploit
755
VMScore
CVE-2008-6001
index.php in ADN Forum 1.0b and previous versions allows remote malicious users to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string.
Adnforum Adnforum
1 EDB exploit
515
VMScore
CVE-2008-6074
Directory traversal vulnerability in frame.php in phpcrs 2.06 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter.
Phpcrs Phpcrs 2.05
Phpcrs Phpcrs 2.04
Phpcrs Phpcrs 2.01
Phpcrs Phpcrs 2.00
Phpcrs Phpcrs 2.03
Phpcrs Phpcrs 2.02
Phpcrs Phpcrs 1.01
Phpcrs Phpcrs
1 EDB exploit
685
VMScore
CVE-2008-7024
admin.php in Arz Development The Gemini Portal 4.7 and previous versions allows remote malicious users to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
Arzdev Gemini Lite 3.6
Arzdev Gemini Portal 4.7
Arzdev Gemini Lite 3.5
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »