Vulmon
undefined1_ vulnerabilities and exploits
760
VMScore
CVE-2007-5222
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote malicious users to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.
Maxdev Mdpro 1.0.76
2 EDB exploits
755
VMScore
CVE-2007-5062
account.php in Adam Scheinberg Flip 3.0 and previous versions allows remote malicious users to create administrative accounts via the un parameter in a register action.
Adam Scheinberg Flip
1 EDB exploit
505
VMScore
CVE-2007-5063
Adam Scheinberg Flip 3.0 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a file containing login credentials via a direct request for var/users.txt.
Adam Scheinberg Flip
1 EDB exploit
610
VMScore
CVE-2006-6879
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and previous versions allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
Php-update Php-update
2 EDB exploits
755
VMScore
CVE-2006-6878
admin/uploads.php in PHP-Update 2.7 and previous versions allows remote malicious users to gain privileges by setting the rights[7] parameter to 1 during a login action.
Php-update Php-update
1 EDB exploit
905
VMScore
CVE-2006-1668
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and previous versions allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter an...
Crafty Syntax Image Gallery Crafty Syntax Image Gallery
1 EDB exploit
755
VMScore
CVE-2006-1667
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and previous versions allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable...
Crafty Syntax Image Gallery Crafty Syntax Image Gallery 3.1g
1 EDB exploit
655
VMScore
CVE-2006-1481
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
Php Ticket Php Ticket 0.6
Php Ticket Php Ticket
Php Ticket Php Ticket 0.5
1 EDB exploit
510
VMScore
CVE-2006-1422
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and previous versions allows remote malicious users to execute arbitrary SQL commands via the event_id parameter.
Jjwwebdesign Phpbookingcalendar
2 EDB exploits
505
VMScore
CVE-2006-1412
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download the admin password file and obtain password hashes via a direct request to admin/passwd.
Tft Gallery Tft Gallery 0.10
1 EDB exploit