Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qabandi vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-4673
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote malicious users to execute arbitrary SQL commands via the user_id parameter.
Mole-group Adult Portal Script -
1 EDB exploit
5.1
CVSSv2
CVE-2009-4725
Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and previous versions, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the...
Arabportal Arab Portal
1 EDB exploit
7.5
CVSSv2
CVE-2009-4734
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Movies Library 2.7.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-4735
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote malicious users to execute arbitrary SQL commands via the username parameter in a login action.
Allomani Audio \\& Video Library 2.7.0
1 EDB exploit
7.8
CVSSv2
CVE-2009-2922
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 up to and including 2.3.5 allows remote malicious users to read arbitrary files via a base64-encoded file parameter.
Pixaria Pixaria Gallery 2.3.5
Pixaria Pixaria Gallery 2.0.0
1 EDB exploit
4.3
CVSSv2
CVE-2009-3823
Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.
Ac4p Mobilelib Gold 3.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-3949
cp/profile.php in VivaPrograms Infinity 2.0.5 and previous versions does not require administrative authentication for the donewauthor action, which allows remote malicious users to create administrative accounts via the name, password, and conf_password parameters.
Vivaprograms Infinity Script
Vivaprograms Infinity Script 2.0.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-4206
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Cmsnx Million Dollar Text Links
1 EDB exploit
3.5
CVSSv2
CVE-2009-2131
Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and previous versions allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a picture.
4homepages 4images 1.7.1
4homepages 4images 1.7
4homepages 4images 1.6.1
4homepages 4images 1.5
4homepages 4images 1.7.3
4homepages 4images 1.7.6
4homepages 4images 1.0
4homepages 4images 1.7.2
4homepages 4images 1.6
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images
1 EDB exploit
6.8
CVSSv2
CVE-2009-2132
Directory traversal vulnerability in global.php in 4images prior to 1.7.7, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via directory traversal sequences in the l parameter.
4homepages 4images 1.6
4homepages 4images 1.5
4homepages 4images 1.7
4homepages 4images 1.7.3
4homepages 4images 1.7.5
4homepages 4images 1.7.4
4homepages 4images 1.0
4homepages 4images
4homepages 4images 1.7.1
4homepages 4images 1.7.2
4homepages 4images 1.6.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »