Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4644 | 1 Mywebland | 1 Mystats | 2017-09-29 | 7.5 HIGH | N/A |
| hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header. | |||||
| CVE-2008-4645 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-09-29 | 9.0 HIGH | N/A |
| plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function. | |||||
| CVE-2008-4650 | 1 Mywebland | 1 Myevent | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter. | |||||
| CVE-2008-4652 | 1 Dart | 1 Powertcp Ftp For Activex | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property. | |||||
| CVE-2008-4653 | 1 Xoops | 2 Makale, Xoops | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4665 | 1 Datingpro | 1 Matchmaking | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php. | |||||
| CVE-2008-4666 | 1 Deeserver | 1 Ultimate Webboard | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter. | |||||
| CVE-2008-4667 | 1 Arabcms | 1 Arabcms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter. | |||||
| CVE-2008-4668 | 1 Joomla | 2 Com Imagebrowser, Joomla | 2017-09-29 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. | |||||
| CVE-2008-4673 | 1 Webbiscuits | 1 Events Calendar | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters. | |||||
| CVE-2008-4674 | 1 Conkurent | 1 Real Estate | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode. | |||||
| CVE-2008-4675 | 1 Phpcounter | 1 Phpcounter | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-4686 | 1 Videolan | 1 Vlc Media Player | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654. | |||||
| CVE-2008-4690 | 1 Lynx | 1 Lynx | 2017-09-29 | 10.0 HIGH | N/A |
| lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. | |||||
| CVE-2008-4699 | 1 Microsoft | 1 Peachtree Accounting | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method. | |||||
| CVE-2008-4700 | 1 Liberiacms | 1 Liberia Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter. | |||||
| CVE-2008-4702 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the user[language] parameter to isadmin.inc.php. | |||||
| CVE-2008-4703 | 1 Bosdev | 1 Bosnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter. | |||||
| CVE-2008-4704 | 1 Mitre | 1 Sezhoo | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | |||||
| CVE-2008-4705 | 1 Phponlinedatingsoftware | 1 Myphpdating | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4706 | 1 Vbulletin | 1 Vbgooglemap | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php. | |||||
| CVE-2008-4707 | 1 Sylvain Pasquet | 1 Bbzl Php | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter. | |||||
| CVE-2008-4708 | 1 Sylvain Pasquet | 1 Bbzl.php | 2017-09-29 | 7.5 HIGH | N/A |
| BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1. | |||||
| CVE-2008-4709 | 1 Pilot Group | 1 Etraining | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4711 | 1 Joovili | 1 Joovili | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php. | |||||
| CVE-2008-4712 | 1 Lnblog | 1 Lnblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the plugin parameter. | |||||
| CVE-2008-4713 | 1 212cafe | 1 212cafeboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter. | |||||
| CVE-2008-4714 | 1 Atomic Photo Album | 1 Atomic Photo Album | 2017-09-29 | 7.5 HIGH | N/A |
| Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative access via modified cookies. | |||||
| CVE-2008-4716 | 1 Scriptdemo | 1 Php-lance | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-4717 | 1 Zeeways | 1 Zeelyrics | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2008-4718 | 1 X7 Group | 1 X7 Chat | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156. | |||||
| CVE-2008-4719 | 1 Openengine | 1 Openengine | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329. | |||||
| CVE-2008-4720 | 1 Arzdev | 1 Gemini Portal | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php. | |||||
| CVE-2008-4721 | 1 Php Jabbers | 1 Post Comment | 2017-09-29 | 7.5 HIGH | N/A |
| PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged." | |||||
| CVE-2008-4728 | 1 Hummingbird | 1 Deployment Wizard | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders. | |||||
| CVE-2008-4729 | 1 Hummingbird | 2 Exceed, Exceed Powersuite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property. NOTE: code execution might not be possible in 13.0. | |||||
| CVE-2008-4735 | 1 Coastal | 1 Coast | 2017-09-29 | 8.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter. | |||||
| CVE-2008-4736 | 1 Aves | 1 Rpg Board | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter. | |||||
| CVE-2008-4738 | 1 Tufat | 1 Mycard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4739 | 1 Plugspace | 1 Plugspace | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter. | |||||
| CVE-2008-4740 | 1 Tinycms | 1 Tinycms | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template] parameter. | |||||
| CVE-2008-4748 | 1 Kvirc | 1 Kvirc | 2017-09-29 | 7.6 HIGH | N/A |
| Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. | |||||
| CVE-2008-4749 | 1 Db Soft Lab | 1 Vimp X | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method. | |||||
| CVE-2008-4750 | 1 Dbsoftlab | 1 Vimp X | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property. | |||||
| CVE-2008-4752 | 1 Tech Logic | 1 Tlnews | 2017-09-29 | 7.5 HIGH | N/A |
| TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. | |||||
| CVE-2008-4753 | 1 Aj Square Inc | 1 Rss Reader | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. | |||||
| CVE-2008-4754 | 1 Scripts-for-sites | 1 Ez Forum | 2017-09-29 | 5.8 MEDIUM | N/A |
| SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | |||||
| CVE-2008-4755 | 1 Pozscripts | 1 Classified Auctions Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4756 | 1 Php-daily | 1 Php-daily | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter. | |||||
| CVE-2008-4757 | 1 Php-daily | 1 Php-daily | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php. | |||||
