Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
x0r vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-4807
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote malicious users to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php.
Graugon Php Article Publisher 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2009-0107
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote malicious users to inject arbitrary web script or HTML via the user_id parameter.
Phpauctions Phpauctions Nil
1 EDB exploit
5
CVSSv2
CVE-2009-0866
pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to download a database via a direct request for extra/genbackup.php.
Phnews Phnews 1
1 EDB exploit
7.5
CVSSv2
CVE-2008-6623
SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and previous versions allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Webbdomain Post Card 1.01
Webbdomain Post Card
1 EDB exploit
7.5
CVSSv2
CVE-2009-0740
SQL injection vulnerability in login.php in BlueBird Prelease allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Frankmancuso Bluebird Pre-release
1 EDB exploit
7.5
CVSSv2
CVE-2009-0750
SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote malicious users to execute arbitrary SQL commands via the username parameter.
Tombstone Smnews -
1 EDB exploit
7.5
CVSSv2
CVE-2009-0738
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Frankmancuso Auth Php 1.0
1 EDB exploit
7.5
CVSSv2
CVE-2009-0739
SQL injection vulnerability in login.php in MyNews 0.10 allows remote malicious users to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Frankmancuso Mynews 0.10
1 EDB exploit
6.8
CVSSv2
CVE-2008-6730
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter...
China-on-site Flexphplink 0.0.7
China-on-site Flexphplink 0.0.6
1 EDB exploit
6.8
CVSSv2
CVE-2008-6750
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
China-on-site Flexphpdirectory 0.0.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »