Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5879 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors. | |||||
| CVE-2008-5880 | 1 Gobbl | 1 Gobbl Cms | 2017-09-29 | 7.5 HIGH | N/A |
| admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | |||||
| CVE-2008-5881 | 1 Playsms | 1 Playsms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to plugin/themes/default/init.php. | |||||
| CVE-2008-5883 | 1 Mini-pub | 1 Mini-pub | 2017-09-29 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter. | |||||
| CVE-2008-5885 | 1 Thenetguys | 1 Aspired2quote | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5886 | 1 Takempis | 1 Discussion Web | 2017-09-29 | 5.0 MEDIUM | N/A |
| TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5888 | 1 Icash | 1 Click\&rank | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5889 | 1 Icash | 1 Click\&rank | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2008-5890 | 1 Injader | 1 Injader | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5892 | 1 Icash | 1 Click\&email | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5893 | 1 Icash | 1 Click\&email | 2017-09-29 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action. | |||||
| CVE-2008-5894 | 1 Mediatheka | 1 Mediatheka | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2008-5895 | 1 Mediatheka | 1 Mediatheka | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2008-5896 | 1 Codeavalanche | 1 Ratemysite | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5897 | 1 Codeavalanche | 1 Freewallpaper | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5898 | 1 Codeavalanche | 1 Directory | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5899 | 1 Codeavalanche | 1 Freeforall | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5900 | 1 Codeavalanche | 1 Articles | 2017-09-29 | 7.5 HIGH | N/A |
| CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5901 | 1 Iyziforum | 1 Iyzi Forum | 2017-09-29 | 7.5 HIGH | N/A |
| iyzi Forum 1.0 beta 3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for db/iyziforum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5913 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-29 | 4.9 MEDIUM | N/A |
| The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | |||||
| CVE-2008-5918 | 1 Tigris | 1 Websvn | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2008-5919 | 1 Tigris | 1 Websvn | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. | |||||
| CVE-2008-5920 | 1 Tigris | 1 Websvn | 2017-09-29 | 7.5 HIGH | N/A |
| The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-5921 | 1 Umerinc | 1 Songs Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5926 | 1 Asp-dev | 1 Internal E-mail System | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5927 | 1 China-on-site | 1 Flexphpnews | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5928 | 1 Flds-script | 1 Flds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5929 | 1 Vpasp | 1 Vp-asp Shopping Cart | 2017-09-29 | 5.0 MEDIUM | N/A |
| VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5930 | 1 The Net Guys | 1 Aspired2blog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter. | |||||
| CVE-2008-5931 | 1 The Net Guys | 1 Aspired2blog | 2017-09-29 | 5.0 MEDIUM | N/A |
| The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5932 | 1 Codeavalanche | 1 Freeforum | 2017-09-29 | 5.0 MEDIUM | N/A |
| CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5933 | 1 Cmsisweb | 1 Cms Isweb | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5934 | 1 Cmsisweb | 1 Cms Isweb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter. | |||||
| CVE-2008-5936 | 1 Mini-pub | 1 Mini-pub | 2017-09-29 | 5.0 MEDIUM | N/A |
| front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers to read files and obtain PHP source code via a filename in the sFileName parameter. | |||||
| CVE-2008-5937 | 1 Zkesoft | 1 Ayeview | 2017-09-29 | 7.8 HIGH | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values. | |||||
| CVE-2008-5938 | 1 Modxcms | 1 Modxcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. | |||||
| CVE-2008-5939 | 1 Modxcms | 1 Modxcms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure. | |||||
| CVE-2008-5948 | 1 Bncwi | 1 Bncwi | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in BNCwi 1.04 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlanguage parameter. | |||||
| CVE-2008-5949 | 1 Tiddlywiki | 1 Cctiddly | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php. | |||||
| CVE-2008-5950 | 1 Aspapps | 1 Template Creature | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. | |||||
| CVE-2008-5951 | 1 Aspapps | 1 Template Creature | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASP Template Creature stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for workDB/templatemonster.mdb. | |||||
| CVE-2008-5952 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI. | |||||
| CVE-2008-5953 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI. | |||||
| CVE-2008-5955 | 1 Phpstreet | 1 Webboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5956 | 1 Phpstreet | 1 Webboard | 2017-09-29 | 5.0 MEDIUM | N/A |
| Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc. | |||||
| CVE-2008-5958 | 1 Activewebsoftwares | 1 Active Test | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp. | |||||
| CVE-2008-5959 | 1 Active Web Softwares | 1 Active Test | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5962 | 1 Gravity-gtd | 1 Gravity-gtd | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the objectname parameter. | |||||
| CVE-2008-5963 | 1 Gravity-gtd | 1 Gravity-gtd | 2017-09-29 | 10.0 HIGH | N/A |
| Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter. | |||||
| CVE-2008-5965 | 1 Lokicms | 1 Lokicms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to check for the existence of arbitrary files via a .. (dot dot) in the page parameter. | |||||