Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6185 | 1 Noticeware | 1 Noticeware Email Server Ng | 2017-09-29 | 5.0 MEDIUM | N/A |
| NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command. | |||||
| CVE-2008-6186 | 1 Raidenftpd | 1 Raidenftpd | 2017-09-29 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands. | |||||
| CVE-2008-6193 | 1 Myblog | 1 Myblog | 2017-09-29 | 5.0 MEDIUM | N/A |
| Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2008-6197 | 1 Kwsphp | 2 Galerie Module, Kwsphp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action. | |||||
| CVE-2008-6198 | 1 Mybboard | 2 Custom Pages Plugin, Mybb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-6199 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 4.0 MEDIUM | N/A |
| 2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. | |||||
| CVE-2008-6202 | 1 Jakob-persson | 1 Cobalt | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp. | |||||
| CVE-2008-6204 | 1 Supernet | 1 Supernet Shop | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp. | |||||
| CVE-2008-6209 | 1 Vastal | 1 Software Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-6210 | 1 Dream4 | 1 Koobi | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page. | |||||
| CVE-2008-6213 | 1 Harlandscripts | 1 Pro Traffic One | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter. | |||||
| CVE-2008-6214 | 1 Harlandscripts | 1 Pro Traffic One | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6215 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter. | |||||
| CVE-2008-6216 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter. | |||||
| CVE-2008-6220 | 1 Cafuego | 1 Simple Document Management System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter. | |||||
| CVE-2008-6221 | 2 Dadamailproject, Joomla | 2 Dada Mail Manager, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | |||||
| CVE-2008-6225 | 1 Mole-group | 1 Airline Ticket Sale Script | 2017-09-29 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist." | |||||
| CVE-2008-6226 | 1 Preproject | 1 Php Auto Listings Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter. | |||||
| CVE-2008-6227 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters. | |||||
| CVE-2008-6228 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2017-09-29 | 7.5 HIGH | N/A |
| Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
| CVE-2008-6230 | 1 Preprojects | 1 Pre Podcast Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6231 | 1 Preprojects | 1 Pre Classified Listings | 2017-09-29 | 7.5 HIGH | N/A |
| Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
| CVE-2008-6232 | 1 Preprojects | 1 Pre Shopping Mall | 2017-09-29 | 7.5 HIGH | N/A |
| Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||
| CVE-2008-6233 | 1 Fivedollarscripts | 1 Drinks | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter. | |||||
| CVE-2008-6235 | 1 Vim | 1 Vim | 2017-09-29 | 9.3 HIGH | N/A |
| The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. | |||||
| CVE-2008-6237 | 1 Scripts-for-sites | 1 Hotscripts-like Site | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6241 | 1 China-on-site | 1 Flexphpsite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | |||||
| CVE-2008-6242 | 1 Scripts-for-sites | 1 Ez E-store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter. | |||||
| CVE-2008-6243 | 1 Scripts For Sites | 1 Ez Hotscripts-likesite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-6244 | 1 Scripts-for-sites | 1 Ez Gaming Cheats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6245 | 1 Scripts-for-sites | 1 Ez Biz Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6248 | 1 Galatolo | 1 Galatolo Webmanager | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | |||||
| CVE-2008-6249 | 1 Gwm | 1 Galatolo Webmanager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6251 | 1 Scripts | 1 Phpfan | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2008-6252 | 1 Smcfancontrol | 1 Smcfancontrol | 2017-09-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option. | |||||
| CVE-2008-6254 | 1 Jadu | 1 Jadu Galaxies | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter. | |||||
| CVE-2008-6257 | 1 Openasp | 1 Openasp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Openasp 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idpage parameter in the pages module. | |||||
| CVE-2008-6258 | 1 Quadcomm | 1 Q-shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108. | |||||
| CVE-2008-6259 | 1 Quadcomm | 1 Q-shop | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter. | |||||
| CVE-2008-6260 | 1 Ultrastats | 1 Ultrastats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter. | |||||
| CVE-2008-6261 | 1 E-topbiz | 1 Admanager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter. | |||||
| CVE-2008-6263 | 1 Infireal | 1 Saturncms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the username parameter to the _userLoggedIn function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6264 | 1 E-topbiz | 1 Slide Popups | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-6265 | 1 Cyberfolio | 1 Cyberfolio | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2008-6267 | 1 Sadi Samami | 1 Multi Languages Webshop Online | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2008-6268 | 1 Sadi Samami | 1 Multi Languages Webshop Online | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6269 | 1 Joovili | 1 Joovili | 2017-09-29 | 7.5 HIGH | N/A |
| Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users. | |||||
| CVE-2008-6270 | 1 Miticdjd | 1 Apoll | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter. | |||||
| CVE-2008-6271 | 1 Tbmnet | 1 Tbmnetcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter. | |||||
| CVE-2008-6272 | 1 Miticdjd | 1 Apoll | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter. | |||||