| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0747 | 0.00 | — | 0.00 | Feb 27, 2009 | The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and… | |||
| CVE-2009-0746 | 0.03 | — | 0.01 | Feb 27, 2009 | The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem. | |||
| CVE-2009-0745 | 0.00 | — | 0.00 | Feb 27, 2009 | The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS)… | |||
| CVE-2009-0744 | 0.04 | — | 0.07 | Feb 27, 2009 | Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or… | |||
| CVE-2009-0743 | 0.00 | — | 0.01 | Feb 27, 2009 | Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via… | |||
| CVE-2009-0028 | 0.03 | — | 0.01 | Feb 27, 2009 | The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. | |||
| CVE-2008-6346 | 0.00 | — | 0.01 | Feb 27, 2009 | Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-6345 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-6344 | 0.00 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6343 | 0.00 | — | 0.01 | Feb 27, 2009 | Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-6342 | 0.00 | — | 0.01 | Feb 27, 2009 | Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | |||
| CVE-2008-6341 | 0.00 | — | 0.01 | Feb 27, 2009 | Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-6340 | 0.00 | — | 0.01 | Feb 27, 2009 | Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-6338 | 0.00 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6337 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php. | |||
| CVE-2008-6336 | 0.03 | — | 0.02 | Feb 27, 2009 | Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter. | |||
| CVE-2008-6335 | 0.03 | — | 0.03 | Feb 27, 2009 | Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||
| CVE-2008-6334 | 0.03 | — | 0.03 | Feb 27, 2009 | Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||
| CVE-2008-6333 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||
| CVE-2008-6332 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||
| CVE-2008-6331 | 0.00 | — | 0.00 | Feb 27, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2008-6330 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action. | |||
| CVE-2008-6329 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party… | |||
| CVE-2008-6328 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-6327 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312. | |||
| CVE-2008-6326 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-6325 | 0.03 | — | 0.01 | Feb 27, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php,… | |||
| CVE-2008-6324 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||
| CVE-2008-6323 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||
| CVE-2008-6322 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||
| CVE-2008-6321 | 0.03 | — | 0.02 | Feb 27, 2009 | CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request. | |||
| CVE-2008-6320 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows remote attackers to execute arbitrary SQL commands via the Category parameter in a ViewCategory action. | |||
| CVE-2008-6319 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||
| CVE-2008-6318 | 0.03 | — | 0.02 | Feb 27, 2009 | PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317. | |||
| CVE-2008-6317 | 0.03 | — | 0.02 | Feb 27, 2009 | Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the… | |||
| CVE-2008-6316 | 0.03 | — | 0.02 | Feb 27, 2009 | Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than… | |||
| CVE-2008-6315 | 0.03 | — | 0.02 | Feb 27, 2009 | PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316. | |||
| CVE-2008-6314 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||
| CVE-2008-6313 | 0.03 | — | 0.02 | Feb 27, 2009 | Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely. | |||
| CVE-2008-6312 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2008-6311 | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name. | |||
| CVE-2008-6310 | — | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information. | ||
| CVE-2008-6309 | — | 0.03 | — | 0.01 | Feb 27, 2009 | SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information. | ||
| CVE-2008-6308 | 0.03 | — | 0.02 | Feb 27, 2009 | Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2)… | |||
| CVE-2009-0208 | 0.01 | — | 0.08 | Feb 26, 2009 | Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2008-6307 | 0.03 | — | 0.03 | Feb 26, 2009 | E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin." | |||
| CVE-2008-6306 | 0.03 | — | 0.01 | Feb 26, 2009 | Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-6305 | 0.03 | — | 0.02 | Feb 26, 2009 | PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter. | |||
| CVE-2008-6304 | 0.00 | — | 0.01 | Feb 26, 2009 | SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-6303 | 0.03 | — | 0.01 | Feb 26, 2009 | SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter. |
- CVE-2009-0747Feb 27, 2009risk 0.00cvss —epss 0.00
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and…
- CVE-2009-0746Feb 27, 2009risk 0.03cvss —epss 0.01
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
- CVE-2009-0745Feb 27, 2009risk 0.00cvss —epss 0.00
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS)…
- CVE-2009-0744Feb 27, 2009risk 0.04cvss —epss 0.07
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or…
- CVE-2009-0743Feb 27, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via…
- CVE-2009-0028Feb 27, 2009risk 0.03cvss —epss 0.01
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
- CVE-2008-6346Feb 27, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6345Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to indes.php. NOTE: some of these details are obtained from third party information.
- CVE-2008-6344Feb 27, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6343Feb 27, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6342Feb 27, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.
- CVE-2008-6341Feb 27, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6340Feb 27, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6338Feb 27, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6337Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php.
- CVE-2008-6336Feb 27, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in download.php in Text Lines Rearrange Script 1.0, when register_globals is enabled, allows remote attackers to read arbitrary local files via directory traversal sequences in the filename parameter.
- CVE-2008-6335Feb 27, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download.php in eMetrix Online Keyword Research Tool allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
- CVE-2008-6334Feb 27, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
- CVE-2008-6333Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter.
- CVE-2008-6332Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter.
- CVE-2008-6331Feb 27, 2009risk 0.00cvss —epss 0.00
Multiple cross-site request forgery (CSRF) vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2008-6330Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action.
- CVE-2008-6329Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party…
- CVE-2008-6328Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-6327Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312.
- CVE-2008-6326Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-6325Feb 27, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php,…
- CVE-2008-6324Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
- CVE-2008-6323Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
- CVE-2008-6322Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
- CVE-2008-6321Feb 27, 2009risk 0.03cvss —epss 0.02
CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.
- CVE-2008-6320Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows remote attackers to execute arbitrary SQL commands via the Category parameter in a ViewCategory action.
- CVE-2008-6319Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.
- CVE-2008-6318Feb 27, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317.
- CVE-2008-6317Feb 27, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the…
- CVE-2008-6316Feb 27, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than…
- CVE-2008-6315Feb 27, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316.
- CVE-2008-6314Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
- CVE-2008-6313Feb 27, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely.
- CVE-2008-6312Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
- CVE-2008-6311Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
- CVE-2008-6310Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-6309Feb 27, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-6308Feb 27, 2009risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2)…
- CVE-2009-0208Feb 26, 2009risk 0.01cvss —epss 0.08
Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2008-6307Feb 26, 2009risk 0.03cvss —epss 0.03
E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."
- CVE-2008-6306Feb 26, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-6305Feb 26, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter.
- CVE-2008-6304Feb 26, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-6303Feb 26, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter.