Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qabandi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-1742
code.php in PC4Arb Pc4 Uploader 9.0 and previous versions makes it easier for remote malicious users to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON"...
Pc4arb Pc4 Uploader
1 EDB exploit
7.5
CVSSv2
CVE-2009-3949
cp/profile.php in VivaPrograms Infinity 2.0.5 and previous versions does not require administrative authentication for the donewauthor action, which allows remote malicious users to create administrative accounts via the name, password, and conf_password parameters.
Vivaprograms Infinity Script
Vivaprograms Infinity Script 2.0.0
1 EDB exploit
4.3
CVSSv2
CVE-2009-3823
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
Ac4p Mobilelib Gold 3.0
1 EDB exploit
6.8
CVSSv2
CVE-2009-2605
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote malicious users to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
Traidnt Traidnt Up 2.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-3430
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Mobile 2.5
1 EDB exploit
5.1
CVSSv2
CVE-2009-4725
Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and previous versions, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the...
Arabportal Arab Portal
1 EDB exploit
7.5
CVSSv2
CVE-2009-4734
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Movies Library 2.7.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-2585
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote malicious users to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
Mlffat Mlffat 2.2
1 EDB exploit
7.8
CVSSv2
CVE-2009-2922
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 up to and including 2.3.5 allows remote malicious users to read arbitrary files via a base64-encoded file parameter.
Pixaria Pixaria Gallery 2.3.5
Pixaria Pixaria Gallery 2.0.0
1 EDB exploit
7.5
CVSSv2
CVE-2008-4622
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote malicious users to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
Phpfastnews Phpfastnews 1.0.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »