Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6313 | 1 Phpaddedit | 1 Phpaddedit | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely. | |||||
| CVE-2008-6314 | 1 Phpbb | 2 Phpbb, Tag Board | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||||
| CVE-2008-6315 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316. | |||||
| CVE-2008-6316 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318. | |||||
| CVE-2008-6317 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316. | |||||
| CVE-2008-6318 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317. | |||||
| CVE-2008-6319 | 1 Cfmsource | 1 Cf Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||||
| CVE-2008-6320 | 1 Cfshopkart | 1 Cf Shopkart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows remote attackers to execute arbitrary SQL commands via the Category parameter in a ViewCategory action. | |||||
| CVE-2008-6321 | 1 Cfshopkart | 1 Cf Shopkart | 2017-09-29 | 5.0 MEDIUM | N/A |
| CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | |||||
| CVE-2008-6322 | 1 Cfmsource | 1 Cfmblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-6323 | 1 Cfmsource | 1 Cf Auction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-6324 | 1 Cfmsource | 1 Cf Forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-6327 | 1 Manzovi | 1 Proquiz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312. | |||||
| CVE-2008-6328 | 1 Butterflymedia | 1 Butterfly Organizer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6329 | 1 Preproject | 1 Pre Asp Job Board | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6330 | 1 Jaia Interactive | 1 Mytopix | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action. | |||||
| CVE-2008-6332 | 1 Simplecustomer | 1 Simple Customer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-6333 | 1 Matthew General | 1 Rss Simple News | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-6334 | 1 Emetrix | 1 Extract Website | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2008-6335 | 1 Emetrix | 1 Online Keyword Research Tool | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2008-6336 | 1 Rightscripts | 1 Text Lines Rearrange Script | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter. | |||||
| CVE-2008-6337 | 2 Joomla, Joomlaapps | 2 Joomla, Com Volunteer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php. | |||||
| CVE-2008-6345 | 1 Cms.maury91 | 1 Solarcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6347 | 2 Joomla, Luigi Massa | 2 Joomla, Onguma Time Sheet | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-6348 | 1 Developiteasy | 1 Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6349 | 1 Turnkeyforms | 1 Business Survey Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6350 | 1 Turnkeyforms | 1 Local Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2008-6351 | 1 Turnkeyforms | 1 Local Classifieds | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to inject arbitrary web script or HTML via the r parameter. | |||||
| CVE-2008-6352 | 1 Xpoze | 1 Xpoze Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter. | |||||
| CVE-2008-6353 | 1 Asp-cms | 1 Asp-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter. | |||||
| CVE-2008-6354 | 1 Thenetguys | 1 Aspired2poll | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2poll.mdb. | |||||
| CVE-2008-6355 | 1 Thenetguys | 1 Aspired2protect | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Protect stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to ASPired2Protect.mdb. | |||||
| CVE-2008-6356 | 1 Donnafontenot | 1 Evcal Events Calendar | 2017-09-29 | 5.0 MEDIUM | N/A |
| evCal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to (1) evcal.mdb and (2) evcal97.mdb. | |||||
| CVE-2008-6357 | 1 Donnafontenot | 1 Mycal Personal Events Calendar | 2017-09-29 | 5.0 MEDIUM | N/A |
| MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb. | |||||
| CVE-2008-6358 | 1 Socialgroupie | 1 Social Groupie | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6361 | 1 Insun Podcast | 1 Feedcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 19Beta allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter. | |||||
| CVE-2008-6362 | 1 Ezonelink | 1 Multiple Membership Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6363 | 1 Capilano | 1 Designworks | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6364 | 1 Adserversolutions | 1 Banner Exchange Software | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6365 | 1 Adserversolutions | 1 Ad Management Software | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6366 | 1 Adserversolutions | 1 Affiliate Software Java | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2017-09-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | |||||
| CVE-2008-6369 | 1 Ocean12tech | 1 Contact Manager Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter. | |||||
| CVE-2008-6370 | 1 Ocean12tech | 1 Contact Manager Pro | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter. | |||||
| CVE-2008-6371 | 1 Ocean12tech | 1 Membership Manager Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter). | |||||
| CVE-2008-6372 | 1 Ocean12tech | 1 Faq Manager Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6374 | 1 Codefixer | 1 Mailinglistpro | 2017-09-29 | 5.0 MEDIUM | N/A |
| CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb. | |||||
| CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2008-6378 | 1 Mxmania | 1 Calendar Mx Professional | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-6379 | 1 Mxmania | 1 Gallery Mx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
