Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6086 | 1 Camera Life | 1 Camera Life | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355. | |||||
| CVE-2008-6087 | 1 Camera Life | 1 Camera Life | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2008-6088 | 2 Joomla, Joomtracker | 2 Joomla, Com Joomtracker | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php. | |||||
| CVE-2008-6089 | 1 Scriptsez | 1 Easy Image Downloader | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action. | |||||
| CVE-2008-6090 | 1 Scriptsez | 1 Mini Hosting Panel | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action. | |||||
| CVE-2008-6091 | 1 Bmforum | 1 Bmforum | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter. | |||||
| CVE-2008-6092 | 1 Phpscripts | 1 Ranking-script | 2017-09-29 | 7.5 HIGH | N/A |
| phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. | |||||
| CVE-2008-6093 | 1 Noname-cms | 1 Noname Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action. | |||||
| CVE-2008-6100 | 1 Berlios | 1 Discussion Forum 2k | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php. | |||||
| CVE-2008-6101 | 1 Ezonescripts | 1 Adult Banner Exchange Website | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | |||||
| CVE-2008-6102 | 1 Ezonescripts | 1 Link Trader Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter. | |||||
| CVE-2008-6108 | 1 Gwm | 1 Galatolo Webmanager | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter. | |||||
| CVE-2008-6111 | 1 Netart Media | 1 Vlog System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter. | |||||
| CVE-2008-6112 | 1 Scriptsez | 1 Ez Ringtone Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/. | |||||
| CVE-2008-6114 | 2 E107, Mytipper | 2 E107, Zogo Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter. | |||||
| CVE-2008-6115 | 1 Prozilla | 1 Hosting Index | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083. | |||||
| CVE-2008-6116 | 2 Extrosoft, Joomla | 2 Com Thyme, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php. | |||||
| CVE-2008-6117 | 1 Pilotgroup | 1 Pg Job Site Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action. | |||||
| CVE-2008-6118 | 1 Goople Cms | 1 Goople Cms | 2017-09-29 | 7.5 HIGH | N/A |
| win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. | |||||
| CVE-2008-6132 | 1 Brickhost | 1 Phpscheduleit | 2017-09-29 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. | |||||
| CVE-2008-6133 | 1 Ozsari | 1 Full Php Emlak Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942. | |||||
| CVE-2008-6138 | 1 Webbiscuits | 1 Modules Controller | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | |||||
| CVE-2008-6139 | 1 Webbiscuits | 1 Modules Controller | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in faqsupport/wce.download.php in WebBiscuits Modules Controller 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter. | |||||
| CVE-2008-6142 | 1 China-on-site | 1 Flexphpic | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | |||||
| CVE-2008-6143 | 1 Owentechkenya | 1 Owenpoll | 2017-09-29 | 7.5 HIGH | N/A |
| OwenPoll 1.0 allows remote attackers to bypass authentication and obtain administrative access via a modified account name in the username cookie. | |||||
| CVE-2008-6146 | 1 Deluxebb | 1 Deluxebb | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. | |||||
| CVE-2008-6147 | 1 Aspapp | 1 Forumapp | 2017-09-29 | 5.0 MEDIUM | N/A |
| ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb. | |||||
| CVE-2008-6151 | 1 Sepcity | 1 Shopping Mall | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-6152 | 1 Sepcity | 1 Faculty Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file. | |||||
| CVE-2008-6153 | 1 Jayeshp | 1 Pixel8 Web Photo Album | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | |||||
| CVE-2008-6154 | 1 Hispah | 1 Text Links Ads | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | |||||
| CVE-2008-6156 | 1 Formfields | 1 Adman | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter. | |||||
| CVE-2008-6162 | 1 Bux | 1 Bux.to Clone Script | 2017-09-29 | 7.5 HIGH | N/A |
| Bux.to Clone script allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1 and the usNick cookie to admin. | |||||
| CVE-2008-6163 | 1 Openx | 1 Openx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter. | |||||
| CVE-2008-6165 | 1 Easy-script | 1 Cspartner | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters. | |||||
| CVE-2008-2074 | 1 Successkid | 1 Harris Wap Chat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/. | |||||
| CVE-2008-2076 | 1 Actualscripts | 1 Actualanalyzer Lite | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter. | |||||
| CVE-2008-2081 | 1 Siteman | 1 Siteman | 2017-09-29 | 9.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-2082 | 1 Siteman | 1 Siteman | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message. | |||||
| CVE-2008-2084 | 2 Myarticles, Runcms | 2 Myarticles, Myarticles Module | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action. | |||||
| CVE-2008-2088 | 1 Phpforge | 1 Php Forge | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php. | |||||
| CVE-2008-2089 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | |||||
| CVE-2008-2090 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | |||||
| CVE-2008-2091 | 1 Kubelabs | 1 Kubelance | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter. | |||||
| CVE-2008-2093 | 3 Joomla, Joomlapolis, Mambo | 3 Com Comprofiler, Community Builder, Com Comprofiler | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. | |||||
| CVE-2008-2095 | 3 Joomla, Mambo, Page-flip-tools | 3 Com Flippingbook, Com Flippingbook, Flipping Book | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2008-2113 | 1 Phpeasydata | 1 Phpeasydata | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-2114 | 1 Preprojects | 1 Pre Shopping Mall | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2008-2124 | 1 Fipsasp | 1 Fipscms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter. | |||||
| CVE-2008-2125 | 1 Musicbox | 1 Musicbox | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter. | |||||