Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2506 | 1 Simpel Side | 1 Weblosning | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php. | |||||
| CVE-2008-2513 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors. | |||||
| CVE-2008-2514 | 1 Ibm | 1 Aix | 2017-09-29 | 4.6 MEDIUM | N/A |
| Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-2515 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." | |||||
| CVE-2008-2520 | 1 Bigace | 1 Bigace | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423. | |||||
| CVE-2008-2521 | 1 Yabsoft | 1 Mega File Hosting Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2008-2522 | 1 Haudenschilt | 1 Battlenet Clan Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action. | |||||
| CVE-2008-2529 | 1 Advanced Links Management | 1 Advanced Links Management | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter. | |||||
| CVE-2008-2530 | 1 Quickupcms | 1 Quickupcms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php. | |||||
| CVE-2008-2532 | 1 Aj Square | 1 Aj Hyip | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2533 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/. | |||||
| CVE-2008-2534 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter. | |||||
| CVE-2008-2535 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/. | |||||
| CVE-2008-2536 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter. | |||||
| CVE-2008-2537 | 1 Hispah | 1 Model Search | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2538 | 1 Sun | 1 Solaris | 2017-09-29 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. | |||||
| CVE-2008-2549 | 1 Adobe | 1 Acrobat Reader | 2017-09-29 | 4.3 MEDIUM | N/A |
| Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. | |||||
| CVE-2008-2555 | 1 Easyway | 1 Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2008-2556 | 1 Hessel Brouwer | 1 Php Visit Counter | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action. | |||||
| CVE-2008-2560 | 1 Fourtwosevenbb | 1 427bb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2008-2561 | 1 Fourtwosevenbb | 1 427bb | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php. | |||||
| CVE-2008-2562 | 1 Powerphlogger | 1 Powerphlogger | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action. | |||||
| CVE-2008-2564 | 1 Joomla | 2 Com Jotloader, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. | |||||
| CVE-2008-2566 | 1 Php-address Book | 1 Php-address Book | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI. | |||||
| CVE-2008-2569 | 1 Joomla | 1 Easybook Component | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php. | |||||
| CVE-2008-2595 | 1 Oracle | 2 Database 10g, Database 9i | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference. | |||||
| CVE-2008-2626 | 1 Battleblog | 1 Battleblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter. | |||||
| CVE-2008-2627 | 1 Joomla | 1 Com Idoblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php. | |||||
| CVE-2008-2628 | 2 Joomla, Ron Liskey | 2 Joomla, Com Equotes | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2008-2629 | 2 Drupal, Lifetype | 2 Drupal, Lifetype | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php. | |||||
| CVE-2008-2630 | 1 Joomla | 1 Com Jb2 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php. | |||||
| CVE-2008-2632 | 1 Joomla | 2 Com Acctexp, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php. | |||||
| CVE-2008-2634 | 1 Bearrivernet.net | 1 I-pos Internet Pay Online Store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||
| CVE-2008-2638 | 1 1-script | 1 1-book | 2017-09-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php. | |||||
| CVE-2008-2643 | 1 Joomla | 1 Com Biblestudy | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php. | |||||
| CVE-2008-2645 | 1 Brim-project | 1 Brim | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | |||||
| CVE-2008-2646 | 1 Mebiblio | 1 Mebiblio | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php. | |||||
| CVE-2008-2647 | 1 Mebiblio | 1 Mebiblio | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter. | |||||
| CVE-2008-2648 | 1 Mebiblio | 1 Mebiblio | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory. | |||||
| CVE-2008-2649 | 1 Don3 | 1 Desktoponnet | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php. | |||||
| CVE-2008-2650 | 1 Cmsimple | 1 Cmsimple | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. | |||||
| CVE-2008-2651 | 1 Joomla | 1 Com Joobb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php. | |||||
| CVE-2008-2673 | 1 Powie | 1 Pnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | |||||
| CVE-2008-2676 | 1 Joomla | 2 Com News Portal, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2008-2677 | 1 Telephone | 1 Telephone Directory 2008 | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2008-2678 | 1 Telephone | 1 Telephone Directory 2008 | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php. | |||||
| CVE-2008-2679 | 1 Realm Project | 1 Realm Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI. | |||||
| CVE-2008-2680 | 1 Realm Project | 1 Realm Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp in Realm CMS 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) CmpctedDB and (2) Boyut parameters. | |||||
| CVE-2008-2681 | 1 Realm Project | 1 Realm Cms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive information via a direct request to _db/compact.asp, which reveals the database path in an error message. | |||||
| CVE-2008-2682 | 1 Realm Project | 1 Realm Cms | 2017-09-29 | 7.5 HIGH | N/A |
| _RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote attackers to bypass authentication and access admin pages via certain modified cookies, probably including (1) cUserRole, (2) cUserName, and (3) cUserID. | |||||