Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5722 | 1 Sawstudio | 1 Sawstudio | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file. | |||||
| CVE-2008-5725 | 1 Entechtaiwan | 1 Powerstrip | 2017-09-29 | 7.2 HIGH | N/A |
| The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory. | |||||
| CVE-2008-5726 | 1 Stormboards Aaronnemisis | 1 Stormboards | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5727 | 1 Netcat | 1 Netcat | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string. | |||||
| CVE-2008-5728 | 1 Netcat | 1 Netcat | 2017-09-29 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/. | |||||
| CVE-2008-5729 | 1 Netcat | 1 Netcat | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php. | |||||
| CVE-2008-5730 | 1 Netcat | 1 Netcat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file. | |||||
| CVE-2008-5732 | 1 Kafooeyblog | 1 Kafooeyblog | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2008-5737 | 1 Nodstrum | 1 Mysql Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5739 | 1 Pligg | 1 Pligg Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. | |||||
| CVE-2008-5742 | 1 Netcat | 1 Netcat | 2017-09-29 | 4.0 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure. | |||||
| CVE-2008-5748 | 1 Bloofox | 1 Bloofoxcms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | |||||
| CVE-2008-5751 | 1 Alstrasoft | 1 Web Email Script Enterprise | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action. | |||||
| CVE-2008-5752 | 1 Wordpress | 2 Page Flip Image Gallery Plugin, Wordpress | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5753 | 1 Bpftp | 1 Bulletproof Ftp Client | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar. | |||||
| CVE-2008-5754 | 1 Bpftp | 1 Bulletproof Ftp Client | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753. | |||||
| CVE-2008-5755 | 1 Intellitamper | 1 Intellitamper | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494. | |||||
| CVE-2008-5756 | 1 Bpsoft | 1 Hex Workshop | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file. | |||||
| CVE-2008-5761 | 1 Flatnux | 1 Flatnux | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element. | |||||
| CVE-2008-5762 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2017-09-29 | 5.0 MEDIUM | N/A |
| Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | |||||
| CVE-2008-5763 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter. | |||||
| CVE-2008-5764 | 1 2500mhz | 1 Worksimple | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2008-5765 | 1 2500mhz | 1 Worksimple | 2017-09-29 | 5.0 MEDIUM | N/A |
| WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | |||||
| CVE-2008-5766 | 1 Fascript | 1 Faupload | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5767 | 1 Gazatem | 1 Gnews Publisher | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter. | |||||
| CVE-2008-5768 | 2 Sirium, Xoops | 2 Am Events Module, Xoops | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5770 | 1 Phpweather | 1 Phpweather | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2008-5771 | 1 Phpweather | 1 Phpweather | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2008-5772 | 1 Aspsiteware | 1 Realtylistings | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp. | |||||
| CVE-2008-5773 | 1 Nukedit | 1 Nukedit | 2017-09-29 | 5.0 MEDIUM | N/A |
| Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | |||||
| CVE-2008-5774 | 1 Aspsiteware | 1 Homebuilder | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp. | |||||
| CVE-2008-5775 | 1 Apertoblog | 1 Apertoblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5776 | 1 Apertoblog | 1 Apertoblog | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-5777 | 1 Cadenix | 1 Cadenix | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5778 | 1 Flds Script | 1 Flds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | |||||
| CVE-2008-5779 | 1 Flds Script | 1 Flds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5780 | 1 Hostforest | 1 Forest Blog | 2017-09-29 | 5.0 MEDIUM | N/A |
| Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. | |||||
| CVE-2008-5781 | 1 Cfagcms | 1 Cfagcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2008-5782 | 1 Zeeways | 1 Zeematri | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2008-5783 | 1 V3chat | 1 V3 Chat Live Support | 2017-09-29 | 7.5 HIGH | N/A |
| admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2008-5784 | 1 V3chat | 1 V3 Chat Profiles Dating Script | 2017-09-29 | 7.5 HIGH | N/A |
| V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||||
| CVE-2008-5785 | 1 V3chat | 1 V3 Chat Profiles Dating Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
| CVE-2008-5788 | 1 Domainsellerpro | 1 Domain Seller Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5789 | 2 Joomla, Recly | 2 Joomla, Interactive Feederator | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. | |||||
| CVE-2008-5790 | 2 Joomla, Recly | 2 Joomla, Competitions | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. | |||||
| CVE-2008-5793 | 2 Joomla, Recly | 2 Joomla, Clickheat-heatmap | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php. | |||||
| CVE-2008-5794 | 1 Lovecms | 1 Lovecms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. | |||||
| CVE-2008-5802 | 1 E-topbiz | 1 Online Store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-5803 | 1 E-topbiz | 1 Online Store | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information. | |||||