Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5966 | 1 Globsy | 1 Globsy | 2017-09-29 | 7.5 HIGH | N/A |
| globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter. | |||||
| CVE-2008-5969 | 1 Sunbyte | 1 E-flower | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5972 | 1 Activewebsoftwares | 1 Active Business Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-5973 | 1 Activewebsoftwares | 1 Active Web Mail | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-5974 | 1 Activewebsoftwares | 1 Active Price Comparison | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields. | |||||
| CVE-2008-5978 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. | |||||
| CVE-2008-5979 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter. | |||||
| CVE-2008-5980 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. | |||||
| CVE-2008-5981 | 1 Pacosdrivers | 1 Pacpoll | 2017-09-29 | 5.0 MEDIUM | N/A |
| PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. | |||||
| CVE-2008-5988 | 1 Jadu | 1 Jadu Cms For Government | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5989 | 1 Phpcounter | 1 Phpcounter | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. | |||||
| CVE-2008-5990 | 1 Eduforge | 1 Emergecolab | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in connect/init.inc in emergecolab 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sitecode parameter to connect/index.php. | |||||
| CVE-2008-5991 | 2 Mailscanner, Mailwatch | 2 Mailscanner, Mailwatch | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter. | |||||
| CVE-2008-5992 | 1 Jetik | 1 Jetik Emlak Sistem A | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php. | |||||
| CVE-2008-5993 | 1 Barcodephp | 1 Barcodegen 1d | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in image.php in Barcode Generator 1D (barcodegen) 2.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the code parameter. | |||||
| CVE-2008-6001 | 1 Adnforum | 1 Adnforum | 2017-09-29 | 7.5 HIGH | N/A |
| index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | |||||
| CVE-2008-6002 | 1 Web-cp | 1 Web-cp | 2017-09-29 | 7.1 HIGH | N/A |
| Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, when register_globals is enabled, allows remote attackers to read arbitrary files via a full pathname in the filelocation parameter. | |||||
| CVE-2008-6003 | 1 Aj Square | 1 Aj Auction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter. | |||||
| CVE-2008-6004 | 1 Aj Square | 1 Aj Auction | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter. | |||||
| CVE-2008-6006 | 1 Minbank | 1 Micronation Banking System | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/. | |||||
| CVE-2008-6007 | 1 Quidascript | 1 Bookmarks Favourites Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6009 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. | |||||
| CVE-2008-6010 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php. | |||||
| CVE-2008-6011 | 1 Sg Real Estate Portal | 1 Sg Real Estate Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||
| CVE-2008-6014 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6017 | 1 I-rater | 1 I-rater Basic | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter. | |||||
| CVE-2008-6018 | 1 Myphpsite | 1 Myphpsite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in MyPHPSite, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2008-6022 | 1 Xnova | 1 Xnova | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter. | |||||
| CVE-2008-6023 | 1 Xnova | 1 Xnova | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter. | |||||
| CVE-2008-6025 | 1 Openelec | 1 Openelec | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in scr/form.php in openElec 3.01 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the obj parameter. | |||||
| CVE-2008-6028 | 1 University Of Queensland | 1 Fez | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action. | |||||
| CVE-2008-6029 | 1 Buzzywall | 1 Buzzywall | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2008-6030 | 1 Netartmedia | 1 Jobs Portal | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php. | |||||
| CVE-2008-6031 | 1 Wsn Links | 1 Wsn Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable. | |||||
| CVE-2008-6032 | 1 Wsn | 1 Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6033 | 1 Wsn Links | 1 Wsn Links | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6036 | 1 Basebuilder | 1 Basebuilder | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. | |||||
| CVE-2008-6037 | 1 Availscript | 1 Availscript Article Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter. | |||||
| CVE-2008-6042 | 1 Netartmedia | 1 Real Estate Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php. | |||||
| CVE-2008-6050 | 2 Ircmaxell, Joomla | 2 Tech Article, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php. | |||||
| CVE-2008-6057 | 1 Liberum | 1 Liberum Help Desk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | |||||
| CVE-2008-6064 | 1 Domphp | 1 Domphp | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors. | |||||
| CVE-2008-6068 | 2 Joomla, Web Design Hero | 2 Joomla, Joomladate | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php. | |||||
| CVE-2008-6076 | 2 Jlleblanc, Joomla | 2 Com Dailymessage, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2008-6077 | 1 Loudblog | 1 Loudblog | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action. | |||||
| CVE-2008-6078 | 1 Limbo Cms | 2 Com Privmsg, Limbo Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php. | |||||
| CVE-2008-6080 | 2 Codecall, Joomla | 2 Com Ionfiles, Joomla | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-6081 | 1 Simplecustomer | 1 Simple Customer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6082 | 1 Southrivertech | 1 Titan Ftp Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. | |||||
| CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | |||||
