| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5823 | 0.01 | — | 0.08 | Jan 2, 2009 | An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property. | |||
| CVE-2008-5822 | 0.00 | — | 0.02 | Jan 2, 2009 | Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document. | |||
| CVE-2008-5821 | 0.03 | — | 0.04 | Jan 2, 2009 | Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | |||
| CVE-2008-2381 | 0.00 | — | 0.02 | Jan 2, 2009 | SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable. | |||
| CVE-2008-5820 | 0.03 | — | 0.01 | Jan 2, 2009 | SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||
| CVE-2008-5819 | 0.03 | — | 0.02 | Jan 2, 2009 | Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third… | |||
| CVE-2008-5818 | 0.03 | — | 0.02 | Jan 2, 2009 | Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third… | |||
| CVE-2008-5817 | 0.03 | — | 0.01 | Jan 2, 2009 | Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action. | |||
| CVE-2008-5816 | 0.03 | — | 0.01 | Jan 2, 2009 | SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter. | |||
| CVE-2008-5815 | 0.03 | — | 0.02 | Jan 2, 2009 | SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5814 | 0.00 | — | 0.02 | Jan 2, 2009 | Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to… | |||
| CVE-2008-5813 | 0.00 | — | 0.01 | Jan 2, 2009 | SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5812 | 0.00 | — | 0.02 | Jan 2, 2009 | Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors. | |||
| CVE-2008-5811 | 0.03 | — | 0.01 | Jan 2, 2009 | SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php. | |||
| CVE-2008-5810 | 0.00 | — | 0.04 | Jan 2, 2009 | WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup,… | |||
| CVE-2008-5809 | 0.00 | — | 0.01 | Jan 2, 2009 | futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a… | |||
| CVE-2008-5808 | 0.00 | — | 0.01 | Jan 2, 2009 | Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web… | |||
| CVE-2008-2383 | 0.00 | — | 0.05 | Jan 2, 2009 | CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and… | |||
| CVE-2006-7236 | 0.04 | — | 0.07 | Jan 2, 2009 | The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. | |||
| CVE-2008-5807 | 0.00 | — | 0.01 | Dec 31, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. | |||
| CVE-2008-5806 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5805 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828. | |||
| CVE-2008-5804 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | |||
| CVE-2008-5803 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5802 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||
| CVE-2008-5801 | 0.00 | — | 0.02 | Dec 31, 2008 | Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2008-5800 | 0.00 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-5799 | 0.00 | — | 0.01 | Dec 31, 2008 | Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-5798 | 0.00 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-5797 | 0.00 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-5796 | 0.00 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-5795 | 0.00 | — | 0.01 | Dec 31, 2008 | Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-5794 | 0.03 | — | 0.03 | Dec 31, 2008 | Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. | |||
| CVE-2008-5793 | 0.04 | — | 0.15 | Dec 31, 2008 | Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b)… | |||
| CVE-2008-5792 | 0.03 | — | 0.03 | Dec 31, 2008 | PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue. | |||
| CVE-2008-5791 | 0.00 | — | 0.02 | Dec 31, 2008 | Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components. | |||
| CVE-2008-5790 | 0.05 | — | 0.24 | Dec 31, 2008 | Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php… | |||
| CVE-2008-5789 | 0.05 | — | 0.30 | Dec 31, 2008 | Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php… | |||
| CVE-2008-5788 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5787 | 0.03 | — | 0.03 | Dec 31, 2008 | Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action. | |||
| CVE-2008-5786 | 0.00 | — | 0.01 | Dec 31, 2008 | Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter. | |||
| CVE-2008-5785 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||
| CVE-2008-5784 | Cri | 0.67 | 9.8 | 0.07 | Dec 31, 2008 | V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | ||
| CVE-2008-5783 | 0.03 | — | 0.03 | Dec 31, 2008 | admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | |||
| CVE-2008-5782 | 0.03 | — | 0.01 | Dec 31, 2008 | SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||
| CVE-2008-5781 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||
| CVE-2008-5780 | 0.03 | — | 0.03 | Dec 30, 2008 | Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb. | |||
| CVE-2008-5779 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5778 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | |||
| CVE-2008-5777 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
- CVE-2008-5823Jan 2, 2009risk 0.01cvss —epss 0.08
An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
- CVE-2008-5822Jan 2, 2009risk 0.00cvss —epss 0.02
Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.
- CVE-2008-5821Jan 2, 2009risk 0.03cvss —epss 0.04
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
- CVE-2008-2381Jan 2, 2009risk 0.00cvss —epss 0.02
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
- CVE-2008-5820Jan 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
- CVE-2008-5819Jan 2, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in eDNews_archive.php in eDreamers eDNews 2, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third…
- CVE-2008-5818Jan 2, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third…
- CVE-2008-5817Jan 2, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
- CVE-2008-5816Jan 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.
- CVE-2008-5815Jan 2, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5814Jan 2, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to…
- CVE-2008-5813Jan 2, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-5812Jan 2, 2009risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
- CVE-2008-5811Jan 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
- CVE-2008-5810Jan 2, 2009risk 0.00cvss —epss 0.04
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup,…
- CVE-2008-5809Jan 2, 2009risk 0.00cvss —epss 0.01
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a…
- CVE-2008-5808Jan 2, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Six Apart Movable Type Enterprise (MTE) 1.x before 1.56; Movable Type (MT) 3.x before 3.38; and Movable Type, Movable Type Open Source (MTOS), and Movable Type Enterprise 4.x before 4.23 allows remote attackers to inject arbitrary web…
- CVE-2008-2383Jan 2, 2009risk 0.00cvss —epss 0.05
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and…
- CVE-2006-7236Jan 2, 2009risk 0.04cvss —epss 0.07
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
- CVE-2008-5807Dec 31, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.
- CVE-2008-5806Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information.
- CVE-2008-5805Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
- CVE-2008-5804Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
- CVE-2008-5803Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
- CVE-2008-5802Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
- CVE-2008-5801Dec 31, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
- CVE-2008-5800Dec 31, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-5799Dec 31, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-5798Dec 31, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-5797Dec 31, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-5796Dec 31, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-5795Dec 31, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-5794Dec 31, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.
- CVE-2008-5793Dec 31, 2008risk 0.04cvss —epss 0.15
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b)…
- CVE-2008-5792Dec 31, 2008risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
- CVE-2008-5791Dec 31, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
- CVE-2008-5790Dec 31, 2008risk 0.05cvss —epss 0.24
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php…
- CVE-2008-5789Dec 31, 2008risk 0.05cvss —epss 0.30
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php…
- CVE-2008-5788Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5787Dec 31, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.
- CVE-2008-5786Dec 31, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.
- CVE-2008-5785Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
- risk 0.67cvss 9.8epss 0.07
V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
- CVE-2008-5783Dec 31, 2008risk 0.03cvss —epss 0.03
admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
- CVE-2008-5782Dec 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
- CVE-2008-5781Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
- CVE-2008-5780Dec 30, 2008risk 0.03cvss —epss 0.03
Forest Blog 1.3.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing passwords via a direct request for blog.mdb.
- CVE-2008-5779Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5778Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
- CVE-2008-5777Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.