Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
staker vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2009-1936
_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote malicious users to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PH...
Cpcommerce Project Cpcommerce
1 EDB exploit
NA
CVE-2009-4106
Unrestricted file upload vulnerability in admintools/editpage-2.php in Agoko CMS 0.4 and previous versions allows remote malicious users to inject and execute arbitrary PHP code via the filename and text parameters.
Ohloh Agoko Cms
1 EDB exploit
NA
CVE-2008-7069
All Club CMS (ACCMS) 0.0.2 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain database configuration information, including credentials, via a direct request to accms.dat.
Paul Arbogast Accms 0.0.1c
Paul Arbogast Accms 0.0.1a
Paul Arbogast Accms
Paul Arbogast Accms 0.0.1h
Paul Arbogast Accms 0.0.1f
Paul Arbogast Accms 0.0.1g
Paul Arbogast Accms 0.0.1d
Paul Arbogast Accms 0.0.1e
1 EDB exploit
NA
CVE-2008-6952
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the c parameter.
Cms.maury91 Maurycms 0.53.2
1 EDB exploit
NA
CVE-2008-6907
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated b...
2532gigs 2532gigs 1.2.2
1 EDB exploit
NA
CVE-2009-2177
code/display.php in fuzzylime (cms) 3.03a and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to conduct directory traversal attacks and overwrite arbitrary files via a "....//" (dot dot) in the s parameter, which is collapsed into a ...
Fuzzylime Fuzzylime Cms 3.03a
1 EDB exploit
NA
CVE-2009-2176
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a and previous versions, when magic_quotes_gpc is disabled, allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the (1) list parameter to code/confirm.ph...
Fuzzylime Fuzzylime Cms 3.03a
1 EDB exploit
NA
CVE-2009-2147
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Phpwebthings Phpwebthings 1.0
Phpwebthings Phpwebthings 0.3
Phpwebthings Phpwebthings 0.2b
Phpwebthings Phpwebthings 0.2
Phpwebthings Phpwebthings 0.1
Phpwebthings Phpwebthings
Phpwebthings Phpwebthings 1.1a
Phpwebthings Phpwebthings 1.4
Phpwebthings Phpwebthings 0.4.1
Phpwebthings Phpwebthings 0.4
Phpwebthings Phpwebthings 1.4.4
Phpwebthings Phpwebthings 1.5.0
Phpwebthings Phpwebthings 1.5.1
Phpwebthings Phpwebthings 0.4.2
Phpwebthings Phpwebthings 0.6.0
1 EDB exploit
NA
CVE-2008-6805
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.
Micgr Mic Blog 0.0.3
1 EDB exploit
NA
CVE-2008-6795
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote malicious users to execute arbitrary SQL commands via the nID parameter.
Niclor Vibro-school-cms
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »