| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-0622 | 0.00 | — | 0.01 | Feb 26, 2009 | Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system… | |||
| CVE-2009-0621 | 0.00 | — | 0.02 | Feb 26, 2009 | Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device… | |||
| CVE-2009-0620 | 0.00 | — | 0.02 | Feb 26, 2009 | Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or… | |||
| CVE-2009-0618 | 0.00 | — | 0.03 | Feb 26, 2009 | Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading… | |||
| CVE-2009-0617 | 0.00 | — | 0.02 | Feb 26, 2009 | Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files. | |||
| CVE-2009-0616 | 0.00 | — | 0.02 | Feb 26, 2009 | Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation." | |||
| CVE-2009-0615 | 0.00 | — | 0.02 | Feb 26, 2009 | Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid… | |||
| CVE-2009-0614 | 0.00 | — | 0.03 | Feb 26, 2009 | Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL. | |||
| CVE-2009-0524 | 0.00 | — | 0.02 | Feb 26, 2009 | Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp. | |||
| CVE-2009-0523 | 0.00 | — | 0.02 | Feb 26, 2009 | Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. | |||
| CVE-2009-0522 | 0.00 | — | 0.03 | Feb 26, 2009 | Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." | |||
| CVE-2009-0521 | 0.00 | — | 0.01 | Feb 26, 2009 | Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH. | |||
| CVE-2009-0520 | 0.05 | — | 0.28 | Feb 26, 2009 | Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue." | |||
| CVE-2009-0519 | 0.01 | — | 0.15 | Feb 26, 2009 | Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. | |||
| CVE-2009-0507 | 0.00 | — | 0.01 | Feb 26, 2009 | IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2)… | |||
| CVE-2009-0187 | 0.06 | — | 0.40 | Feb 26, 2009 | Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message. | |||
| CVE-2009-0114 | 0.00 | — | 0.04 | Feb 26, 2009 | Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking… | |||
| CVE-2008-6301 | 0.03 | — | 0.01 | Feb 26, 2009 | SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action. | |||
| CVE-2008-6300 | 0.03 | — | 0.03 | Feb 26, 2009 | Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-6299 | 0.00 | — | 0.01 | Feb 26, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in… | |||
| CVE-2008-6298 | 0.00 | — | 0.01 | Feb 26, 2009 | Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function." | |||
| CVE-2008-6297 | 0.03 | — | 0.01 | Feb 26, 2009 | Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters. | |||
| CVE-2008-6296 | 0.03 | — | 0.03 | Feb 26, 2009 | admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo." | |||
| CVE-2008-6295 | 0.00 | — | 0.01 | Feb 26, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4)… | |||
| CVE-2008-6294 | 0.03 | — | 0.03 | Feb 26, 2009 | admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin." | |||
| CVE-2008-6293 | 0.03 | — | 0.03 | Feb 26, 2009 | admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin." | |||
| CVE-2008-6292 | 0.03 | — | 0.03 | Feb 26, 2009 | Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1." | |||
| CVE-2008-6291 | 0.03 | — | 0.02 | Feb 26, 2009 | Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin". | |||
| CVE-2008-6290 | 0.03 | — | 0.02 | Feb 26, 2009 | Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter. | |||
| CVE-2008-6289 | 0.03 | — | 0.01 | Feb 26, 2009 | SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter. | |||
| CVE-2008-5263 | 0.00 | — | 0.02 | Feb 26, 2009 | Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file). | |||
| CVE-2008-6288 | 0.03 | — | 0.03 | Feb 25, 2009 | Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||
| CVE-2008-6287 | 0.03 | — | 0.02 | Feb 25, 2009 | Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5)… | |||
| CVE-2008-6286 | 0.03 | — | 0.01 | Feb 25, 2009 | Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp… | |||
| CVE-2008-6285 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||
| CVE-2008-6284 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter. | |||
| CVE-2008-6283 | 0.00 | — | 0.01 | Feb 25, 2009 | Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags." | |||
| CVE-2008-6282 | 0.03 | — | 0.02 | Feb 25, 2009 | SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. | |||
| CVE-2008-6281 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-6280 | 0.04 | — | 0.07 | Feb 25, 2009 | Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. | |||
| CVE-2008-6279 | 0.03 | — | 0.03 | Feb 25, 2009 | RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message. | |||
| CVE-2008-6278 | 0.03 | — | 0.01 | Feb 25, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters. | |||
| CVE-2008-6277 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter. | |||
| CVE-2008-6276 | 0.00 | — | 0.01 | Feb 25, 2009 | Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | |||
| CVE-2008-6275 | 0.00 | — | 0.01 | Feb 25, 2009 | Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | |||
| CVE-2008-6274 | 0.03 | — | 0.01 | Feb 25, 2009 | Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are… | |||
| CVE-2009-0741 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. | |||
| CVE-2009-0740 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||
| CVE-2009-0739 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||
| CVE-2009-0738 | 0.03 | — | 0.01 | Feb 25, 2009 | SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. |
- CVE-2009-0622Feb 26, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system…
- CVE-2009-0621Feb 26, 2009risk 0.00cvss —epss 0.02
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device…
- CVE-2009-0620Feb 26, 2009risk 0.00cvss —epss 0.02
Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or…
- CVE-2009-0618Feb 26, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading…
- CVE-2009-0617Feb 26, 2009risk 0.00cvss —epss 0.02
Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.
- CVE-2009-0616Feb 26, 2009risk 0.00cvss —epss 0.02
Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."
- CVE-2009-0615Feb 26, 2009risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid…
- CVE-2009-0614Feb 26, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.
- CVE-2009-0524Feb 26, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.
- CVE-2009-0523Feb 26, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
- CVE-2009-0522Feb 26, 2009risk 0.00cvss —epss 0.03
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."
- CVE-2009-0521Feb 26, 2009risk 0.00cvss —epss 0.01
Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.
- CVE-2009-0520Feb 26, 2009risk 0.05cvss —epss 0.28
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."
- CVE-2009-0519Feb 26, 2009risk 0.01cvss —epss 0.15
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.
- CVE-2009-0507Feb 26, 2009risk 0.00cvss —epss 0.01
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2)…
- CVE-2009-0187Feb 26, 2009risk 0.06cvss —epss 0.40
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
- CVE-2009-0114Feb 26, 2009risk 0.00cvss —epss 0.04
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking…
- CVE-2008-6301Feb 26, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
- CVE-2008-6300Feb 26, 2009risk 0.03cvss —epss 0.03
Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm_user and (2) gwm_pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-6299Feb 26, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in…
- CVE-2008-6298Feb 26, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."
- CVE-2008-6297Feb 26, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters.
- CVE-2008-6296Feb 26, 2009risk 0.03cvss —epss 0.03
admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."
- CVE-2008-6295Feb 26, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4)…
- CVE-2008-6294Feb 26, 2009risk 0.03cvss —epss 0.03
admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin."
- CVE-2008-6293Feb 26, 2009risk 0.03cvss —epss 0.03
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to "admin."
- CVE-2008-6292Feb 26, 2009risk 0.03cvss —epss 0.03
Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username_cookie to "admin," (2) right_cookie to "1," and (3) id_cookie to "1."
- CVE-2008-6291Feb 26, 2009risk 0.03cvss —epss 0.02
Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin".
- CVE-2008-6290Feb 26, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in includefile.php in nicLOR Sito, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page_file parameter.
- CVE-2008-6289Feb 26, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
- CVE-2008-5263Feb 26, 2009risk 0.00cvss —epss 0.02
Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file).
- CVE-2008-6288Feb 25, 2009risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
- CVE-2008-6287Feb 25, 2009risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5)…
- CVE-2008-6286Feb 25, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp…
- CVE-2008-6285Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.
- CVE-2008-6284Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.
- CVE-2008-6283Feb 25, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."
- CVE-2008-6282Feb 25, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.
- CVE-2008-6281Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-6280Feb 25, 2009risk 0.04cvss —epss 0.07
Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.
- CVE-2008-6279Feb 25, 2009risk 0.03cvss —epss 0.03
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.
- CVE-2008-6278Feb 25, 2009risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.
- CVE-2008-6277Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
- CVE-2008-6276Feb 25, 2009risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.
- CVE-2008-6275Feb 25, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.
- CVE-2008-6274Feb 25, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are…
- CVE-2009-0741Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.
- CVE-2009-0740Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
- CVE-2009-0739Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
- CVE-2009-0738Feb 25, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.