VYPR
Vendor

Allomani

Products
4
CVEs
8
Across products
8
Status
Private

Products

4

Recent CVEs

8
  • CVE-2009-4735Mar 18, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

  • CVE-2009-4734Mar 18, 2010
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

  • CVE-2009-3430Sep 25, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

  • CVE-2020-36502Oct 22, 2021
    risk 0.00cvss epss 0.01

    Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.

  • CVE-2018-18013Oct 24, 2018
    risk 0.00cvss epss 0.03

    * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code…

  • CVE-2014-8593Nov 4, 2014
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter to admin.php or (3) go.php.

  • CVE-2014-8766Oct 14, 2014
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.

  • CVE-2004-2019Dec 31, 2004
    risk 0.00cvss epss 0.02

    The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.