Allomani
Products
4- 3 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-4735 | 0.03 | — | 0.01 | Mar 18, 2010 | SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||
| CVE-2009-4734 | 0.03 | — | 0.01 | Mar 18, 2010 | SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||
| CVE-2009-3430 | 0.03 | — | 0.01 | Sep 25, 2009 | SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||
| CVE-2020-36502 | 0.00 | — | 0.01 | Oct 22, 2021 | Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself. | |||
| CVE-2018-18013 | 0.00 | — | 0.03 | Oct 24, 2018 | * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code… | |||
| CVE-2014-8593 | 0.00 | — | 0.02 | Nov 4, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php. | |||
| CVE-2014-8766 | 0.00 | — | 0.02 | Oct 14, 2014 | Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php. | |||
| CVE-2004-2019 | 0.00 | — | 0.02 | Dec 31, 2004 | The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. |
- CVE-2009-4735Mar 18, 2010risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
- CVE-2009-4734Mar 18, 2010risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
- CVE-2009-3430Sep 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
- CVE-2020-36502Oct 22, 2021risk 0.00cvss —epss 0.01
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.
- CVE-2018-18013Oct 24, 2018risk 0.00cvss —epss 0.03
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code…
- CVE-2014-8593Nov 4, 2014risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php.
- CVE-2014-8766Oct 14, 2014risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.
- CVE-2004-2019Dec 31, 2004risk 0.00cvss —epss 0.02
The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.