| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-7089 | 0.03 | — | 0.02 | Aug 26, 2009 | Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors. | |||
| CVE-2008-7088 | 0.03 | — | 0.03 | Aug 26, 2009 | Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a… | |||
| CVE-2008-7087 | 0.03 | — | 0.02 | Aug 26, 2009 | PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter. | |||
| CVE-2008-7086 | 0.04 | — | 0.07 | Aug 26, 2009 | Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | |||
| CVE-2008-7085 | 0.03 | — | 0.02 | Aug 26, 2009 | Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the… | |||
| CVE-2008-7084 | 0.03 | — | 0.03 | Aug 26, 2009 | Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||
| CVE-2009-2966 | 0.04 | — | 0.06 | Aug 25, 2009 | avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters. | |||
| CVE-2009-2965 | 0.03 | — | 0.01 | Aug 25, 2009 | Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2009-2964 | 0.00 | — | 0.02 | Aug 25, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1)… | |||
| CVE-2009-2963 | 0.00 | — | 0.03 | Aug 25, 2009 | Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website." | |||
| CVE-2009-2961 | 0.03 | — | 0.05 | Aug 25, 2009 | Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file. | |||
| CVE-2009-2960 | 0.03 | — | 0.02 | Aug 25, 2009 | CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request. | |||
| CVE-2009-2959 | 0.00 | — | 0.02 | Aug 25, 2009 | Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-7083 | 0.03 | — | 0.01 | Aug 25, 2009 | Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||
| CVE-2008-7082 | 0.00 | — | 0.01 | Aug 25, 2009 | MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection… | |||
| CVE-2008-7081 | 0.00 | — | 0.02 | Aug 25, 2009 | userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from… | |||
| CVE-2008-7080 | 0.04 | — | 0.08 | Aug 25, 2009 | Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql. | |||
| CVE-2008-7079 | 0.03 | — | 0.06 | Aug 25, 2009 | Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619. | |||
| CVE-2008-7078 | 0.04 | — | 0.07 | Aug 25, 2009 | Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD,… | |||
| CVE-2008-7077 | 0.03 | — | 0.01 | Aug 25, 2009 | Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||
| CVE-2008-7076 | 0.03 | — | 0.03 | Aug 25, 2009 | Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request… | |||
| CVE-2008-7075 | 0.03 | — | 0.02 | Aug 25, 2009 | Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4)… | |||
| CVE-2008-7074 | 0.03 | — | 0.05 | Aug 25, 2009 | Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when… | |||
| CVE-2008-7073 | 0.03 | — | 0.02 | Aug 25, 2009 | PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter. | |||
| CVE-2008-7072 | 0.03 | — | 0.01 | Aug 25, 2009 | Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||
| CVE-2008-7071 | 0.03 | — | 0.01 | Aug 25, 2009 | SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-7070 | 0.03 | — | 0.05 | Aug 25, 2009 | Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an… | |||
| CVE-2008-7069 | 0.03 | — | 0.03 | Aug 25, 2009 | All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat. | |||
| CVE-2008-7068 | 0.00 | — | 0.02 | Aug 25, 2009 | The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database… | |||
| CVE-2008-7067 | 0.03 | — | 0.02 | Aug 25, 2009 | PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter. | |||
| CVE-2008-7066 | 0.03 | — | 0.03 | Aug 25, 2009 | OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters. | |||
| CVE-2008-7065 | 0.03 | — | 0.04 | Aug 25, 2009 | Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060. | |||
| CVE-2008-7064 | 0.03 | — | 0.03 | Aug 25, 2009 | Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang… | |||
| CVE-2008-7063 | 0.03 | — | 0.02 | Aug 25, 2009 | Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb. | |||
| CVE-2008-7062 | 0.04 | — | 0.07 | Aug 25, 2009 | Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/. | |||
| CVE-2008-7061 | 0.03 | — | 0.04 | Aug 24, 2009 | The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly… | |||
| CVE-2008-7060 | 0.00 | — | 0.01 | Aug 24, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to… | |||
| CVE-2008-7059 | 0.03 | — | 0.01 | Aug 24, 2009 | SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter. | |||
| CVE-2008-7058 | 0.03 | — | 0.01 | Aug 24, 2009 | Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php. | |||
| CVE-2008-7057 | 0.03 | — | 0.01 | Aug 24, 2009 | Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter. | |||
| CVE-2008-7056 | 0.03 | — | 0.02 | Aug 24, 2009 | BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request. | |||
| CVE-2008-7055 | 0.03 | — | 0.02 | Aug 24, 2009 | module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace… | |||
| CVE-2008-7054 | 0.04 | — | 0.07 | Aug 24, 2009 | Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home… | |||
| CVE-2008-7053 | 0.04 | — | 0.07 | Aug 24, 2009 | LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption. | |||
| CVE-2009-2956 | 0.00 | — | 0.01 | Aug 24, 2009 | The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for… | |||
| CVE-2009-2955 | 0.00 | — | 0.01 | Aug 24, 2009 | Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||
| CVE-2009-2954 | 0.01 | — | 0.13 | Aug 24, 2009 | Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||
| CVE-2009-2953 | 0.03 | — | 0.05 | Aug 24, 2009 | Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||
| CVE-2009-2952 | 0.00 | — | 0.00 | Aug 24, 2009 | Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors. | |||
| CVE-2009-2951 | 0.00 | — | 0.01 | Aug 24, 2009 | Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords. |
- CVE-2008-7089Aug 26, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
- CVE-2008-7088Aug 26, 2009risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a…
- CVE-2008-7087Aug 26, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
- CVE-2008-7086Aug 26, 2009risk 0.04cvss —epss 0.07
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
- CVE-2008-7085Aug 26, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the…
- CVE-2008-7084Aug 26, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2009-2966Aug 25, 2009risk 0.04cvss —epss 0.06
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
- CVE-2009-2965Aug 25, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
- CVE-2009-2964Aug 25, 2009risk 0.00cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1)…
- CVE-2009-2963Aug 25, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website."
- CVE-2009-2961Aug 25, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.
- CVE-2009-2960Aug 25, 2009risk 0.03cvss —epss 0.02
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
- CVE-2009-2959Aug 25, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-7083Aug 25, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
- CVE-2008-7082Aug 25, 2009risk 0.00cvss —epss 0.01
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection…
- CVE-2008-7081Aug 25, 2009risk 0.00cvss —epss 0.02
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from…
- CVE-2008-7080Aug 25, 2009risk 0.04cvss —epss 0.08
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
- CVE-2008-7079Aug 25, 2009risk 0.03cvss —epss 0.06
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
- CVE-2008-7078Aug 25, 2009risk 0.04cvss —epss 0.07
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD,…
- CVE-2008-7077Aug 25, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
- CVE-2008-7076Aug 25, 2009risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request…
- CVE-2008-7075Aug 25, 2009risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4)…
- CVE-2008-7074Aug 25, 2009risk 0.03cvss —epss 0.05
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when…
- CVE-2008-7073Aug 25, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
- CVE-2008-7072Aug 25, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
- CVE-2008-7071Aug 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information.
- CVE-2008-7070Aug 25, 2009risk 0.03cvss —epss 0.05
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an…
- CVE-2008-7069Aug 25, 2009risk 0.03cvss —epss 0.03
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
- CVE-2008-7068Aug 25, 2009risk 0.00cvss —epss 0.02
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database…
- CVE-2008-7067Aug 25, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
- CVE-2008-7066Aug 25, 2009risk 0.03cvss —epss 0.03
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.
- CVE-2008-7065Aug 25, 2009risk 0.03cvss —epss 0.04
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.
- CVE-2008-7064Aug 25, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang…
- CVE-2008-7063Aug 25, 2009risk 0.03cvss —epss 0.02
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
- CVE-2008-7062Aug 25, 2009risk 0.04cvss —epss 0.07
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
- CVE-2008-7061Aug 24, 2009risk 0.03cvss —epss 0.04
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly…
- CVE-2008-7060Aug 24, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to…
- CVE-2008-7059Aug 24, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
- CVE-2008-7058Aug 24, 2009risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
- CVE-2008-7057Aug 24, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote attackers to inject arbitrary HTML or web script via the type parameter.
- CVE-2008-7056Aug 24, 2009risk 0.03cvss —epss 0.02
BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request.
- CVE-2008-7055Aug 24, 2009risk 0.03cvss —epss 0.02
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace…
- CVE-2008-7054Aug 24, 2009risk 0.04cvss —epss 0.07
Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include and execute arbitrary local files via the (1) gsLanguage and (2) language_home parameters to modules/diary/showdiary.php; (3) admin_home, (4) gsLanguage, and (5) language_home…
- CVE-2008-7053Aug 24, 2009risk 0.04cvss —epss 0.07
LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption.
- CVE-2009-2956Aug 24, 2009risk 0.00cvss —epss 0.01
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for…
- CVE-2009-2955Aug 24, 2009risk 0.00cvss —epss 0.01
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
- CVE-2009-2954Aug 24, 2009risk 0.01cvss —epss 0.13
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
- CVE-2009-2953Aug 24, 2009risk 0.03cvss —epss 0.05
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
- CVE-2009-2952Aug 24, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
- CVE-2009-2951Aug 24, 2009risk 0.00cvss —epss 0.01
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.