Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2443 | 1 Therealestatescript | 1 The Real Estate Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter. | |||||
| CVE-2008-2444 | 1 Calogic | 1 Calogic Calendars | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter. | |||||
| CVE-2008-2445 | 1 Wgcc | 1 Web Group Communication Center | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in profile.php in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a show action. | |||||
| CVE-2008-2446 | 1 Wgcc | 1 Web Group Communication Center | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php. | |||||
| CVE-2008-2447 | 1 Mytipper | 1 Zogo Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2448 | 1 Aspindir | 1 Meto Forum | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp. | |||||
| CVE-2008-2453 | 1 Phpclassifiedsscript | 1 Php Classifieds Script | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php. | |||||
| CVE-2008-2455 | 1 E107coders | 1 E107 Blog Engine | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | |||||
| CVE-2008-2456 | 1 Comicshout | 1 Comicshout | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter. | |||||
| CVE-2008-2457 | 1 Bitmixsoft | 1 Php-jokesite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-2459 | 1 Entertainmentscript | 1 Entertainmentscript | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in page.php in EntertainmentScript 1.4.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. | |||||
| CVE-2008-2461 | 1 Netious | 1 Netious Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047. | |||||
| CVE-2008-2463 | 1 Microsoft | 1 Office Snapshot Viewer Activex | 2017-09-29 | 6.8 MEDIUM | N/A |
| The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2469 | 1 Libspf | 1 Libspf2 | 2017-09-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field. | |||||
| CVE-2008-2476 | 6 Force10, Freebsd, Juniper and 3 more | 6 Ftos, Freebsd, Jnos and 3 more | 2017-09-29 | 9.3 HIGH | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB). | |||||
| CVE-2008-2477 | 1 Mx-system | 1 Mxbb Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-2480 | 1 Plusphp | 1 Plusphp Short Url Multi-user Script | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the _pages_dir parameter. | |||||
| CVE-2008-2481 | 1 Phpraider | 1 Phpraider | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter. | |||||
| CVE-2008-2483 | 1 Xomol | 1 Xomol Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter. | |||||
| CVE-2008-2484 | 1 Xomol | 1 Xomol Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter. | |||||
| CVE-2008-2487 | 1 Maxsite | 1 Maxsite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action. | |||||
| CVE-2008-2488 | 1 Beaussier | 1 Roomphplanning | 2017-09-29 | 6.5 MEDIUM | N/A |
| admin/userform.php in RoomPHPlanning 1.5 does not require administrative credentials, which allows remote authenticated users to create new admin accounts. | |||||
| CVE-2008-2496 | 1 Quate | 1 Quate Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php. | |||||
| CVE-2008-2501 | 1 Henning Stoverud | 1 Phphotoalbum | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php. | |||||
| CVE-2008-2504 | 1 Simpel Side | 1 Netbutik | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php. | |||||
| CVE-2008-2505 | 1 Simpel Side | 1 Weblosninger | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2008-2506 | 1 Simpel Side | 1 Weblosning | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php. | |||||
| CVE-2008-2513 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors. | |||||
| CVE-2008-2514 | 1 Ibm | 1 Aix | 2017-09-29 | 4.6 MEDIUM | N/A |
| Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2008-2515 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." | |||||
| CVE-2008-2520 | 1 Bigace | 1 Bigace | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423. | |||||
| CVE-2008-2521 | 1 Yabsoft | 1 Mega File Hosting Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2008-2522 | 1 Haudenschilt | 1 Battlenet Clan Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action. | |||||
| CVE-2008-2529 | 1 Advanced Links Management | 1 Advanced Links Management | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter. | |||||
| CVE-2008-2530 | 1 Quickupcms | 1 Quickupcms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php. | |||||
| CVE-2008-2532 | 1 Aj Square | 1 Aj Hyip | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2533 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2) conf parameter to (b) gbuch.admin.php, (c) links.admin.php, (d) menue.admin.php, (e) news.admin.php, and (f) todo.admin.php in admin/module/. | |||||
| CVE-2008-2534 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter. | |||||
| CVE-2008-2535 | 1 Fkrauthan | 1 Phoenix View Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/. | |||||
| CVE-2008-2536 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter. | |||||
| CVE-2008-2537 | 1 Hispah | 1 Model Search | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2538 | 1 Sun | 1 Solaris | 2017-09-29 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. | |||||
| CVE-2008-2549 | 1 Adobe | 1 Acrobat Reader | 2017-09-29 | 4.3 MEDIUM | N/A |
| Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf. | |||||
| CVE-2008-2555 | 1 Easyway | 1 Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2008-2556 | 1 Hessel Brouwer | 1 Php Visit Counter | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action. | |||||
| CVE-2008-2560 | 1 Fourtwosevenbb | 1 427bb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2008-2561 | 1 Fourtwosevenbb | 1 427bb | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php. | |||||
| CVE-2008-2562 | 1 Powerphlogger | 1 Powerphlogger | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action. | |||||
| CVE-2008-2564 | 1 Joomla | 2 Com Jotloader, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. | |||||
| CVE-2008-2566 | 1 Php-address Book | 1 Php-address Book | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI. | |||||
