| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6242 | 0.03 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter. | |||
| CVE-2009-0711 | 0.03 | — | 0.01 | Feb 23, 2009 | filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection… | |||
| CVE-2009-0710 | 0.03 | — | 0.02 | Feb 23, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the… | |||
| CVE-2009-0709 | 0.03 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2009-0708 | 0.00 | — | 0.01 | Feb 23, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page. | |||
| CVE-2009-0707 | 0.03 | — | 0.02 | Feb 23, 2009 | SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-0706 | 0.00 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | |||
| CVE-2009-0705 | 0.03 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||
| CVE-2009-0704 | 0.03 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action. | |||
| CVE-2009-0703 | 0.03 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2009-0702 | 0.03 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. | |||
| CVE-2009-0701 | 0.03 | — | 0.02 | Feb 23, 2009 | Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters. | |||
| CVE-2009-0700 | 0.03 | — | 0.03 | Feb 23, 2009 | Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to… | |||
| CVE-2009-0699 | 0.03 | — | 0.01 | Feb 23, 2009 | Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters. | |||
| CVE-2009-0698 | 0.00 | — | 0.04 | Feb 23, 2009 | Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385. | |||
| CVE-2008-6241 | 0.03 | — | 0.01 | Feb 23, 2009 | Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka… | |||
| CVE-2008-6240 | 0.00 | — | 0.01 | Feb 23, 2009 | Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter. | |||
| CVE-2008-6239 | 0.00 | — | 0.01 | Feb 23, 2009 | Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors. | |||
| CVE-2008-6238 | 0.00 | — | 0.01 | Feb 23, 2009 | Cross-site scripting (XSS) vulnerability in archive/savedqueries/savequeryfinish.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||
| CVE-2008-6237 | 0.03 | — | 0.01 | Feb 23, 2009 | SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2009-0680 | 0.04 | — | 0.08 | Feb 22, 2009 | cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. | |||
| CVE-2009-0679 | 0.00 | — | 0.01 | Feb 22, 2009 | Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-0678 | 0.03 | — | 0.03 | Feb 22, 2009 | images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message. | |||
| CVE-2009-0677 | 0.04 | — | 0.09 | Feb 22, 2009 | avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function… | |||
| CVE-2009-0676 | 0.03 | — | 0.01 | Feb 22, 2009 | The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. | |||
| CVE-2009-0675 | 0.00 | — | 0.00 | Feb 22, 2009 | The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related… | |||
| CVE-2009-0674 | 0.03 | — | 0.02 | Feb 22, 2009 | images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error… | |||
| CVE-2009-0673 | 0.03 | — | 0.03 | Feb 22, 2009 | Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. | |||
| CVE-2009-0672 | 0.03 | — | 0.01 | Feb 22, 2009 | SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php. | |||
| CVE-2009-0440 | 0.00 | — | 0.01 | Feb 22, 2009 | IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service… | |||
| CVE-2009-0040 | 0.00 | — | 0.05 | Feb 22, 2009 | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers… | |||
| CVE-2008-6236 | 0.03 | — | 0.01 | Feb 21, 2009 | SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2008-6235 | 0.00 | — | 0.03 | Feb 21, 2009 | The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases. | |||
| CVE-2008-3076 | 0.04 | — | 0.09 | Feb 21, 2009 | The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test… | |||
| CVE-2008-3075 | 0.00 | — | 0.04 | Feb 21, 2009 | The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive,… | |||
| CVE-2008-3074 | 0.00 | — | 0.04 | Feb 21, 2009 | The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive,… | |||
| CVE-2008-6234 | 0.03 | — | 0.01 | Feb 21, 2009 | SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||
| CVE-2008-6233 | 0.03 | — | 0.01 | Feb 20, 2009 | SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter. | |||
| CVE-2008-6232 | 0.03 | — | 0.03 | Feb 20, 2009 | Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||
| CVE-2008-6231 | 0.03 | — | 0.03 | Feb 20, 2009 | Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||
| CVE-2008-6230 | 0.03 | — | 0.01 | Feb 20, 2009 | SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-6229 | 0.00 | — | 0.01 | Feb 20, 2009 | Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web… | |||
| CVE-2008-6228 | 0.03 | — | 0.03 | Feb 20, 2009 | Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||
| CVE-2008-6227 | 0.03 | — | 0.01 | Feb 20, 2009 | SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters. | |||
| CVE-2008-6226 | 0.03 | — | 0.01 | Feb 20, 2009 | SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter. | |||
| CVE-2008-6225 | 0.03 | — | 0.01 | Feb 20, 2009 | SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out… | |||
| CVE-2008-6224 | 0.03 | — | 0.02 | Feb 20, 2009 | Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter. | |||
| CVE-2008-6223 | 0.03 | — | 0.02 | Feb 20, 2009 | PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php. | |||
| CVE-2008-6222 | 0.04 | — | 0.12 | Feb 20, 2009 | Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||
| CVE-2008-6221 | 0.05 | — | 0.28 | Feb 20, 2009 | PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. |
- CVE-2008-6242Feb 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.
- CVE-2009-0711Feb 23, 2009risk 0.03cvss —epss 0.01
filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection…
- CVE-2009-0710Feb 23, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the…
- CVE-2009-0709Feb 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2009-0708Feb 23, 2009risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to (1) hijack the authentication of administrators via unknown vectors or (2) hijack the authentication of arbitrary users via vectors involving the profile page.
- CVE-2009-0707Feb 23, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
- CVE-2009-0706Feb 23, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
- CVE-2009-0705Feb 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
- CVE-2009-0704Feb 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.
- CVE-2009-0703Feb 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-0702Feb 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
- CVE-2009-0701Feb 23, 2009risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME_header and (2) THEME_footer parameters.
- CVE-2009-0700Feb 23, 2009risk 0.03cvss —epss 0.03
Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys_DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to…
- CVE-2009-0699Feb 23, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.
- CVE-2009-0698Feb 23, 2009risk 0.00cvss —epss 0.04
Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current_track value, a similar issue to CVE-2009-0385.
- CVE-2008-6241Feb 23, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka…
- CVE-2008-6240Feb 23, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter.
- CVE-2008-6239Feb 23, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors.
- CVE-2008-6238Feb 23, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in archive/savedqueries/savequeryfinish.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
- CVE-2008-6237Feb 23, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-0680Feb 22, 2009risk 0.04cvss —epss 0.08
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
- CVE-2009-0679Feb 22, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-0678Feb 22, 2009risk 0.03cvss —epss 0.03
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.
- CVE-2009-0677Feb 22, 2009risk 0.04cvss —epss 0.09
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function…
- CVE-2009-0676Feb 22, 2009risk 0.03cvss —epss 0.01
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
- CVE-2009-0675Feb 22, 2009risk 0.00cvss —epss 0.00
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related…
- CVE-2009-0674Feb 22, 2009risk 0.03cvss —epss 0.02
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error…
- CVE-2009-0673Feb 22, 2009risk 0.03cvss —epss 0.03
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
- CVE-2009-0672Feb 22, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
- CVE-2009-0440Feb 22, 2009risk 0.00cvss —epss 0.01
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service…
- CVE-2009-0040Feb 22, 2009risk 0.00cvss —epss 0.05
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers…
- CVE-2008-6236Feb 21, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are…
- CVE-2008-6235Feb 21, 2009risk 0.00cvss —epss 0.03
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
- CVE-2008-3076Feb 21, 2009risk 0.04cvss —epss 0.09
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test…
- CVE-2008-3075Feb 21, 2009risk 0.00cvss —epss 0.04
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive,…
- CVE-2008-3074Feb 21, 2009risk 0.00cvss —epss 0.04
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive,…
- CVE-2008-6234Feb 21, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
- CVE-2008-6233Feb 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.
- CVE-2008-6232Feb 20, 2009risk 0.03cvss —epss 0.03
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
- CVE-2008-6231Feb 20, 2009risk 0.03cvss —epss 0.03
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
- CVE-2008-6230Feb 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-6229Feb 20, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web…
- CVE-2008-6228Feb 20, 2009risk 0.03cvss —epss 0.03
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
- CVE-2008-6227Feb 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
- CVE-2008-6226Feb 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.
- CVE-2008-6225Feb 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out…
- CVE-2008-6224Feb 20, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter.
- CVE-2008-6223Feb 20, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.
- CVE-2008-6222Feb 20, 2009risk 0.04cvss —epss 0.12
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
- CVE-2008-6221Feb 20, 2009risk 0.05cvss —epss 0.28
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.