Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2683 | 1 Black Ice | 1 Barcode Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2684 | 1 Blackice | 1 Black Ice Barcode Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2686 | 1 Flux Cms | 1 Flux Cms | 2017-09-29 | 7.5 HIGH | N/A |
| webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename. | |||||
| CVE-2008-2687 | 1 Promanager | 1 Promanager | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in inc/config.php in ProManager 0.73 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2008-2688 | 1 Pilotcart | 1 Pilot Cart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action. | |||||
| CVE-2008-2689 | 1 Browsercrm | 1 Browsercrm | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter. | |||||
| CVE-2008-2691 | 1 Jiro | 1 Faq Manager Experience | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter. | |||||
| CVE-2008-2692 | 1 Joomla | 1 Com Yvcomment | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php. | |||||
| CVE-2008-2693 | 1 Black Ice | 1 Barcode Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method. | |||||
| CVE-2008-2694 | 1 Phpinv | 1 Phpinv | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2008-2695 | 1 Phpinv | 1 Phpinv | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||||
| CVE-2008-2699 | 1 Gwm | 1 Galatolo Webmanager | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php. | |||||
| CVE-2008-2700 | 1 Gwm | 1 Galatolo Webmanager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2706 | 1 Sun | 1 Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference. | |||||
| CVE-2008-3602 | 1 Psychdaily | 1 Php Ring Webring System | 2017-09-29 | 7.5 HIGH | N/A |
| admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9.1 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2008-3603 | 1 Vacation Rentals | 1 Vacation Rental Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action. | |||||
| CVE-2008-3649 | 1 Articlefriendly | 1 Article Friendly | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter. | |||||
| CVE-2008-3651 | 1 Linux | 1 Ipsec Tools Racoon Daemon | 2017-09-29 | 4.0 MEDIUM | N/A |
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | |||||
| CVE-2008-3652 | 1 Ipsec-tools | 1 Ipsec-tools | 2017-09-29 | 7.8 HIGH | N/A |
| src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). | |||||
| CVE-2008-3669 | 1 Zeescripts | 1 Zeereviews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2008-3670 | 1 Articlefriendly | 1 Article Friendly | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter. | |||||
| CVE-2008-3673 | 1 Pozscripts | 1 Classified Ads | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672. | |||||
| CVE-2008-3674 | 1 Pozscripts | 1 Tubeguru Video Sharing Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter. | |||||
| CVE-2008-3675 | 1 Gelatocms | 1 Gelatocms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3681 | 1 Joomla | 1 Com User | 2017-09-29 | 7.5 HIGH | N/A |
| components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. | |||||
| CVE-2008-3702 | 2 Jcomsoft, Speedbit | 2 Anigif, Download Accelerator Plus | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument to the (1) ReadGIF or (2) ReadGIF2 method. | |||||
| CVE-2008-3706 | 1 Zeeways | 1 Zeejobsite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2008-3708 | 1 Dotcms | 1 Dotcms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot. | |||||
| CVE-2008-3711 | 1 Phparcadescript | 1 Phparcadescript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action. | |||||
| CVE-2008-3713 | 1 Phpbasket | 1 Phpbasket | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter. | |||||
| CVE-2008-3716 | 1 Harmoni | 1 Harmoni | 2017-09-29 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. | |||||
| CVE-2008-3718 | 1 Cyberbb | 1 Cyberbb | 2017-09-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php. | |||||
| CVE-2008-3719 | 1 Scripts-for-sites | 1 Affiliate Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action. | |||||
| CVE-2008-3720 | 1 Deeemm | 1 Dmcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679. | |||||
| CVE-2008-3721 | 1 Deeemm | 1 Dmcms | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. | |||||
| CVE-2008-2742 | 1 Achievo | 1 Achievo | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled. | |||||
| CVE-2008-2745 | 1 Black Ice | 1 Annotation Software | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method. | |||||
| CVE-2008-2746 | 1 Gryphon | 1 Gllcts2 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter. | |||||
| CVE-2008-2753 | 1 Paridel | 1 Pooya Site Builder | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/. | |||||
| CVE-2008-2754 | 1 Efiction | 1 Efiction | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | |||||
| CVE-2008-2755 | 1 Jamm-media | 1 Jamm Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2770 | 1 Mycrocms | 1 Mycrocms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | |||||
| CVE-2008-2774 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736. | |||||
| CVE-2008-2778 | 1 Revokesoft | 1 Revokebb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2008-2782 | 1 Otomigenx | 1 Otomigenx | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. | |||||
| CVE-2008-2789 | 1 Basic-cms | 1 Basic-cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||
| CVE-2008-2790 | 1 Mountaingrafix | 1 Easytrade | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2791 | 1 Kalptaru Infotech | 1 Comparison Engine Power Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2792 | 1 Erocms | 1 Erocms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter. | |||||
| CVE-2008-2793 | 1 Clip-share | 1 Clipshare | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||||
