Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6720 | 1 Deltascripts | 1 Php Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field). | |||||
| CVE-2008-6721 | 1 Ajsquare | 1 Aj Article | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field). | |||||
| CVE-2008-6723 | 1 Turnkeyforms | 1 Entertainment Portal | 2017-09-29 | 7.5 HIGH | N/A |
| TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator. | |||||
| CVE-2008-6725 | 1 Cmscout | 1 Cmscout | 2017-09-29 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php. | |||||
| CVE-2008-6726 | 1 Cmscout | 1 Cmscout | 2017-09-29 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415. | |||||
| CVE-2008-6727 | 1 Myupb | 1 Upb | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2008-6729 | 1 Phpmotion | 1 Phpmotion | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter. | |||||
| CVE-2008-6730 | 1 China-on-site | 1 Flexphplink | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | |||||
| CVE-2008-6731 | 1 China-on-site | 1 Flexphplink | 2017-09-29 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/. | |||||
| CVE-2008-6734 | 1 Keller Web Admin | 1 Kwa | 2017-09-29 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2008-6735 | 1 Thaiquickcart | 1 Thaiquickcart | 2017-09-29 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie. | |||||
| CVE-2008-6738 | 1 Mark Girling | 1 Myshoutpro | 2017-09-29 | 7.5 HIGH | N/A |
| MyShoutPro 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin_access cookie to 1. | |||||
| CVE-2008-6739 | 1 Toddwoolums | 1 Asp Download | 2017-09-29 | 7.5 HIGH | N/A |
| Todd Woolums ASP Download management script 1.03 does not require authentication for setupdownload.asp, which allows remote attackers to gain administrator privileges via a direct request. | |||||
| CVE-2008-6740 | 1 Homap | 1 Homap | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter. | |||||
| CVE-2008-6741 | 1 Simple Machines | 1 Simple Machines Forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php. | |||||
| CVE-2008-6742 | 1 Gofoxy | 1 Foxy | 2017-09-29 | 4.3 MEDIUM | N/A |
| Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. | |||||
| CVE-2008-6743 | 1 Shock-therapy | 1 Rsmscript | 2017-09-29 | 7.5 HIGH | N/A |
| RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php. | |||||
| CVE-2008-6745 | 1 Blogphp | 1 Blogphp | 2017-09-29 | 7.5 HIGH | N/A |
| index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | |||||
| CVE-2008-6749 | 1 China-on-site | 1 Flexphpdirectory | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters. | |||||
| CVE-2008-6750 | 1 China-on-site | 1 Flexphpdirectory | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/. | |||||
| CVE-2008-6751 | 1 Revou | 2 Revou, Tclone | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo. | |||||
| CVE-2008-6752 | 1 Revou | 1 Revou | 2017-09-29 | 7.5 HIGH | N/A |
| adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation. | |||||
| CVE-2008-6761 | 1 China-on-site | 1 Flexcustomer0.0.6 | 2017-09-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php. | |||||
| CVE-2008-6763 | 1 Hypersilence | 1 Silentum Loginsys | 2017-09-29 | 7.5 HIGH | N/A |
| login2.php in Silentum LoginSys 1.0.0 allows remote attackers to bypass authentication and obtain access to an arbitrary account by setting the logged_in cookie to that account's username. | |||||
| CVE-2008-6768 | 1 Shopsystem-forum | 1 K&s Shopsoftware | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/. | |||||
| CVE-2008-6769 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 6.0 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2008-6770 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 5.0 MEDIUM | N/A |
| YourPlace 1.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database containing user credentials via a direct request for users.txt. | |||||
| CVE-2008-6771 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 5.0 MEDIUM | N/A |
| YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2008-6772 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 7.5 HIGH | N/A |
| login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user. | |||||
| CVE-2008-6773 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to inject arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters. | |||||
| CVE-2008-6776 | 1 Scripts-for-sites | 1 Ez Hot Or Not | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter. | |||||
| CVE-2008-6777 | 1 Myphp | 1 Myphp Forum | 2017-09-29 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667. | |||||
| CVE-2008-6778 | 1 Scripts-for-sites | 1 Ez Auction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-6780 | 1 Scripts-for-sites | 1 Ez Affiliate | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6781 | 1 Scripts-for-sites | 1 Ez Gaming Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) Gaming Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6782 | 1 Scripts-for-sites | 1 Ez Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6783 | 1 Scripts-for-sites | 1 Ez Home Business Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6784 | 1 Scripts-for-sites | 1 Ez Adult Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-6785 | 1 Galaxyscripts | 1 Mini File Host | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file. | |||||
| CVE-2008-6787 | 1 Jeremy Powers | 1 Lizardware Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user. | |||||
| CVE-2008-6788 | 1 Minddezign | 1 Photo Gallery | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php. | |||||
| CVE-2008-6789 | 1 Minddezign | 1 Photo Gallery | 2017-09-29 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. | |||||
| CVE-2008-6790 | 1 Minddezign | 1 Photo Gallery | 2017-09-29 | 5.1 MEDIUM | N/A |
| The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php. | |||||
| CVE-2008-6791 | 1 Klever | 1 Pumpkin | 2017-09-29 | 5.0 MEDIUM | N/A |
| PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field. | |||||
| CVE-2008-6794 | 1 Sfs Ez Pub | 1 Fsf Ex Pub | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-6795 | 1 Niclor | 1 Vibro-school-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter. | |||||
| CVE-2008-6796 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | |||||
| CVE-2008-6798 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field). | |||||
| CVE-2008-6804 | 1 Tribiq | 1 Tribiq Cms | 2017-09-29 | 7.5 HIGH | N/A |
| ** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to bypass authentication and gain administrative access by setting the COOKIE_LAST_ADMIN_USER and COOKIE_LAST_ADMIN_LANG cookies. NOTE: a third party reports that the vendor disputes the existence of this issue. | |||||
| CVE-2008-6805 | 1 Micgr | 1 Mic Blog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php. | |||||
