| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4784 | 0.03 | — | 0.03 | Oct 29, 2008 | aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | |||
| CVE-2008-4783 | 0.03 | — | 0.03 | Oct 29, 2008 | tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin." | |||
| CVE-2008-4782 | 0.03 | — | 0.01 | Oct 29, 2008 | SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | |||
| CVE-2008-4781 | 0.03 | — | 0.02 | Oct 29, 2008 | Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter. | |||
| CVE-2008-4780 | 0.03 | — | 0.02 | Oct 29, 2008 | Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | |||
| CVE-2008-4779 | 0.08 | — | 0.65 | Oct 29, 2008 | Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file. | |||
| CVE-2008-4778 | 0.03 | — | 0.01 | Oct 29, 2008 | SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action. | |||
| CVE-2008-4777 | 0.03 | — | 0.01 | Oct 29, 2008 | SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | |||
| CVE-2008-4776 | 0.00 | — | 0.01 | Oct 28, 2008 | libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. | |||
| CVE-2008-4775 | 0.03 | — | 0.06 | Oct 28, 2008 | Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than… | |||
| CVE-2008-4774 | 0.03 | — | 0.01 | Oct 28, 2008 | Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter. | |||
| CVE-2008-4773 | 0.03 | — | 0.03 | Oct 28, 2008 | Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter. | |||
| CVE-2008-4772 | 0.03 | — | 0.01 | Oct 28, 2008 | SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter. | |||
| CVE-2008-4771 | 0.04 | — | 0.07 | Oct 28, 2008 | Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly… | |||
| CVE-2008-4769 | 0.04 | — | 0.09 | Oct 28, 2008 | Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details… | |||
| CVE-2008-4768 | 0.03 | — | 0.01 | Oct 28, 2008 | SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2008-4767 | 0.03 | — | 0.04 | Oct 28, 2008 | Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of… | |||
| CVE-2008-4766 | 0.00 | — | 0.01 | Oct 28, 2008 | SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-4765 | 0.03 | — | 0.01 | Oct 28, 2008 | SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||
| CVE-2008-4764 | 0.04 | — | 0.17 | Oct 28, 2008 | Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||
| CVE-2008-4763 | 0.00 | — | 0.01 | Oct 28, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable. | |||
| CVE-2008-4762 | 0.04 | — | 0.14 | Oct 28, 2008 | Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters. | |||
| CVE-2008-4761 | 0.03 | — | 0.01 | Oct 28, 2008 | Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the… | |||
| CVE-2008-4760 | 0.03 | — | 0.01 | Oct 28, 2008 | SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-4759 | 0.03 | — | 0.03 | Oct 28, 2008 | Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter. | |||
| CVE-2008-4758 | 0.03 | — | 0.03 | Oct 28, 2008 | Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter. | |||
| CVE-2008-4757 | 0.03 | — | 0.01 | Oct 28, 2008 | Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php. | |||
| CVE-2008-4756 | 0.03 | — | 0.02 | Oct 28, 2008 | Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter. | |||
| CVE-2008-4755 | 0.03 | — | 0.01 | Oct 28, 2008 | SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-4754 | 0.03 | — | 0.03 | Oct 27, 2008 | SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | |||
| CVE-2008-4753 | 0.03 | — | 0.01 | Oct 27, 2008 | SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. | |||
| CVE-2008-4752 | 0.03 | — | 0.03 | Oct 27, 2008 | TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. | |||
| CVE-2008-4751 | 0.03 | — | 0.02 | Oct 27, 2008 | Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597. | |||
| CVE-2008-4750 | 0.03 | — | 0.06 | Oct 27, 2008 | Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property. | |||
| CVE-2008-4749 | 0.03 | — | 0.03 | Oct 27, 2008 | Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile… | |||
| CVE-2008-4748 | 0.04 | — | 0.08 | Oct 27, 2008 | Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. | |||
| CVE-2008-4747 | 0.00 | — | 0.00 | Oct 27, 2008 | Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. | |||
| CVE-2008-4746 | 0.00 | — | 0.01 | Oct 27, 2008 | Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp. | |||
| CVE-2008-4745 | 0.00 | — | 0.01 | Oct 27, 2008 | Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-4744 | 0.03 | — | 0.01 | Oct 27, 2008 | SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||
| CVE-2008-4743 | 0.03 | — | 0.01 | Oct 27, 2008 | SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2008-4742 | 0.03 | — | 0.02 | Oct 27, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters. | |||
| CVE-2008-4741 | 0.03 | — | 0.03 | Oct 27, 2008 | Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | |||
| CVE-2008-4740 | 0.03 | — | 0.02 | Oct 27, 2008 | Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template]… | |||
| CVE-2006-7234 | 0.03 | — | 0.01 | Oct 27, 2008 | Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | |||
| CVE-2008-4739 | 0.03 | — | 0.02 | Oct 24, 2008 | Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter. | |||
| CVE-2008-4738 | 0.03 | — | 0.01 | Oct 24, 2008 | SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-4737 | 0.03 | — | 0.01 | Oct 24, 2008 | Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter. | |||
| CVE-2008-4736 | 0.03 | — | 0.01 | Oct 24, 2008 | SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter. | |||
| CVE-2008-4735 | 0.03 | — | 0.02 | Oct 24, 2008 | PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter. |
- CVE-2008-4784Oct 29, 2008risk 0.03cvss —epss 0.03
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
- CVE-2008-4783Oct 29, 2008risk 0.03cvss —epss 0.03
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."
- CVE-2008-4782Oct 29, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
- CVE-2008-4781Oct 29, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
- CVE-2008-4780Oct 29, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter.
- CVE-2008-4779Oct 29, 2008risk 0.08cvss —epss 0.65
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
- CVE-2008-4778Oct 29, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
- CVE-2008-4777Oct 29, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
- CVE-2008-4776Oct 28, 2008risk 0.00cvss —epss 0.01
libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.
- CVE-2008-4775Oct 28, 2008risk 0.03cvss —epss 0.06
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than…
- CVE-2008-4774Oct 28, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.
- CVE-2008-4773Oct 28, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.
- CVE-2008-4772Oct 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
- CVE-2008-4771Oct 28, 2008risk 0.04cvss —epss 0.07
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly…
- CVE-2008-4769Oct 28, 2008risk 0.04cvss —epss 0.09
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details…
- CVE-2008-4768Oct 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are…
- CVE-2008-4767Oct 28, 2008risk 0.03cvss —epss 0.04
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of…
- CVE-2008-4766Oct 28, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-4765Oct 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
- CVE-2008-4764Oct 28, 2008risk 0.04cvss —epss 0.17
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
- CVE-2008-4763Oct 28, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable.
- CVE-2008-4762Oct 28, 2008risk 0.04cvss —epss 0.14
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
- CVE-2008-4761Oct 28, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the…
- CVE-2008-4760Oct 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-4759Oct 28, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.
- CVE-2008-4758Oct 28, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.
- CVE-2008-4757Oct 28, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
- CVE-2008-4756Oct 28, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.
- CVE-2008-4755Oct 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-4754Oct 27, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
- CVE-2008-4753Oct 27, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.
- CVE-2008-4752Oct 27, 2008risk 0.03cvss —epss 0.03
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
- CVE-2008-4751Oct 27, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.
- CVE-2008-4750Oct 27, 2008risk 0.03cvss —epss 0.06
Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property.
- CVE-2008-4749Oct 27, 2008risk 0.03cvss —epss 0.03
Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile…
- CVE-2008-4748Oct 27, 2008risk 0.04cvss —epss 0.08
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
- CVE-2008-4747Oct 27, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.
- CVE-2008-4746Oct 27, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.
- CVE-2008-4745Oct 27, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-4744Oct 27, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.
- CVE-2008-4743Oct 27, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2008-4742Oct 27, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters.
- CVE-2008-4741Oct 27, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
- CVE-2008-4740Oct 27, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[template]…
- CVE-2006-7234Oct 27, 2008risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
- CVE-2008-4739Oct 24, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter.
- CVE-2008-4738Oct 24, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-4737Oct 24, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.
- CVE-2008-4736Oct 24, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.
- CVE-2008-4735Oct 24, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter.