Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5192 | 1 Philboard | 1 Philboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920. | |||||
| CVE-2008-5193 | 1 Philboard | 1 Philboard | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024. | |||||
| CVE-2008-5194 | 1 Softvisions Software | 1 Online Booking Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5195 | 1 Sebrac | 1 Sebraccms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors. | |||||
| CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-5200 | 2 Joomla, Mambo | 3 Com Xewebtv, Joomla, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2008-5201 | 1 Otmanager | 1 Otmanager Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-5202 | 1 Otmanager | 1 Otmanager Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. | |||||
| CVE-2008-5203 | 1 Poweraward | 1 Poweraward | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | |||||
| CVE-2008-5204 | 1 Poweraward | 1 Poweraward | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php. | |||||
| CVE-2008-5208 | 2 Joomla, Mambo | 3 Com Datsogallery, Joomla, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2008-5209 | 1 Admidio | 1 Admidio | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-5210 | 1 Phpblock | 1 Phpblock | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776. | |||||
| CVE-2008-5212 | 1 Aj Square | 1 Aj Auction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2008-5213 | 1 Aj Square | 1 Aj Article | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action. | |||||
| CVE-2008-5214 | 1 Clanlite | 1 Clanlite | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter. | |||||
| CVE-2008-5215 | 1 Clanlite | 1 Clanlite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter. | |||||
| CVE-2008-5216 | 1 Aj Square | 1 Zeuscart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5217 | 1 Phpc0d3r | 1 Txtcms | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in txtCMS 0.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-5218 | 1 Scriptsez | 1 Freeze Greetings | 2017-09-29 | 5.0 MEDIUM | N/A |
| ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with insufficient access control, which allows remote attackers to obtain cleartext passwords. | |||||
| CVE-2008-5219 | 1 Videoscript | 1 Videoscript | 2017-09-29 | 7.5 HIGH | N/A |
| The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters. | |||||
| CVE-2008-5220 | 1 Wportfolio | 1 Wportfolio | 2017-09-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/. | |||||
| CVE-2008-5221 | 1 Wportfolio | 1 Wportfolio | 2017-09-29 | 7.5 HIGH | N/A |
| The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters. | |||||
| CVE-2008-5223 | 1 Airvae | 1 Commerce | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-5226 | 3 Joomla, Mambads, Mambo | 3 Joomla, Mambads, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | |||||
| CVE-2008-5265 | 1 Tntforum | 1 Tnt Forum | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter. | |||||
| CVE-2008-5267 | 1 Experts | 1 Experts | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter. | |||||
| CVE-2008-5269 | 1 Powie | 1 Psys | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | |||||
| CVE-2008-5270 | 1 Wareziz | 1 Yuhhu Superstar 2008 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter. | |||||
| CVE-2008-5272 | 1 Syndeocms | 1 Syndeocms | 2017-09-29 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php. | |||||
| CVE-2008-5273 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. | |||||
| CVE-2008-5286 | 1 Apple | 1 Cups | 2017-09-29 | 7.5 HIGH | N/A |
| Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. | |||||
| CVE-2008-5287 | 1 Scripts4you | 1 Faq Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-5288 | 1 Scripts4you | 1 Faq Manager | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter. | |||||
| CVE-2008-5289 | 1 Scripts4you | 1 Clean Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5290 | 1 Scripts4you | 1 Clean Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2008-5291 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165. | |||||
| CVE-2008-5292 | 1 Videogirls | 1 Videogirls Biz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter. | |||||
| CVE-2008-5293 | 1 Bdigital Web Solutions | 1 Webstudio Ehotel | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2008-5294 | 1 Bdigital Web Solutions | 1 Webstudio Ecatalogue | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2008-5295 | 1 Jamit Software | 1 Jamit Job Board | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter. | |||||
| CVE-2008-5297 | 1 Vitalwerks | 1 No-ip Duc | 2017-09-29 | 7.6 HIGH | N/A |
| Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function. | |||||
| CVE-2008-5306 | 1 Pilot Group | 1 Pg Real Estate Solution | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5307 | 1 Pilot Group | 1 Pg Real Roommate Finder Solution | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5308 | 1 Lovecms | 2 Lovecms, The Simple Forum | 2017-09-29 | 7.5 HIGH | N/A |
| The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php. | |||||
| CVE-2008-5309 | 1 Netart Media | 1 Real Estate Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php. | |||||
| CVE-2008-5310 | 1 Netart Media | 1 Car Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5311 | 1 Netart Media | 1 Blog System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5314 | 1 Clam Anti-virus | 1 Clamav | 2017-09-29 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. | |||||
| CVE-2008-5316 | 1 Littlecms | 2 Lcms, Little Cms Color Engine | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741. | |||||
