| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3785 | 0.03 | — | 0.01 | Aug 26, 2008 | Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php. | |||
| CVE-2008-3786 | 0.03 | — | 0.01 | Aug 26, 2008 | Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action. | |||
| CVE-2008-3787 | 0.03 | — | 0.01 | Aug 26, 2008 | SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||
| CVE-2008-3788 | 0.03 | — | 0.01 | Aug 26, 2008 | Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password… | |||
| CVE-2008-3776 | 0.03 | — | 0.03 | Aug 25, 2008 | Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||
| CVE-2008-3777 | 0.00 | — | 0.00 | Aug 25, 2008 | The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to… | |||
| CVE-2008-3778 | 0.00 | — | 0.01 | Aug 25, 2008 | The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause… | |||
| CVE-2008-3766 | 0.00 | — | 0.01 | Aug 22, 2008 | Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages. | |||
| CVE-2008-3767 | 0.03 | — | 0.01 | Aug 22, 2008 | SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||
| CVE-2008-3768 | 0.03 | — | 0.02 | Aug 22, 2008 | Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email… | |||
| CVE-2008-3769 | 0.00 | — | 0.01 | Aug 22, 2008 | PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter. | |||
| CVE-2008-3770 | 0.03 | — | 0.02 | Aug 22, 2008 | Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2)… | |||
| CVE-2008-3771 | 0.03 | — | 0.01 | Aug 22, 2008 | Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter. | |||
| CVE-2008-3772 | 0.03 | — | 0.01 | Aug 22, 2008 | SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||
| CVE-2008-3773 | 0.03 | — | 0.04 | Aug 22, 2008 | Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | |||
| CVE-2008-3774 | 0.03 | — | 0.01 | Aug 22, 2008 | SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3775 | Med | 0.29 | 4.4 | 0.00 | Aug 22, 2008 | Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value. | ||
| CVE-2008-3748 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3749 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3750 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3751 | 0.00 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3752 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3753 | 0.00 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3754 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3755 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2008-3756 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3757 | 0.00 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3758 | 0.03 | — | 0.02 | Aug 21, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via… | |||
| CVE-2008-3759 | 0.00 | — | 0.01 | Aug 21, 2008 | Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. | |||
| CVE-2008-3760 | 0.00 | — | 0.01 | Aug 21, 2008 | Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. | |||
| CVE-2008-3761 | 0.03 | — | 0.01 | Aug 21, 2008 | hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local… | |||
| CVE-2008-3762 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | |||
| CVE-2008-3763 | 0.03 | — | 0.03 | Aug 21, 2008 | Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by… | |||
| CVE-2008-3764 | 0.03 | — | 0.03 | Aug 21, 2008 | Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php. | |||
| CVE-2008-3765 | 0.03 | — | 0.01 | Aug 21, 2008 | SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3718 | 0.03 | — | 0.01 | Aug 20, 2008 | Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php. | |||
| CVE-2008-3719 | 0.03 | — | 0.01 | Aug 20, 2008 | SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action. | |||
| CVE-2008-3720 | 0.03 | — | 0.01 | Aug 20, 2008 | SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679. | |||
| CVE-2008-3721 | 0.03 | — | 0.02 | Aug 20, 2008 | PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. | |||
| CVE-2008-3722 | 0.03 | — | 0.01 | Aug 20, 2008 | SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-3723 | 0.03 | — | 0.04 | Aug 20, 2008 | Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE:… | |||
| CVE-2008-3724 | 0.00 | — | 0.01 | Aug 20, 2008 | SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter. | |||
| CVE-2008-3725 | 0.03 | — | 0.01 | Aug 20, 2008 | SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3726 | 0.00 | — | 0.01 | Aug 20, 2008 | Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI. | |||
| CVE-2008-3727 | 0.00 | — | 0.03 | Aug 20, 2008 | Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||
| CVE-2008-3728 | 0.00 | — | 0.02 | Aug 20, 2008 | Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests… | |||
| CVE-2008-3729 | 0.00 | — | 0.02 | Aug 20, 2008 | Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. | |||
| CVE-2008-3730 | 0.00 | — | 0.01 | Aug 20, 2008 | Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-3731 | 0.00 | — | 0.02 | Aug 20, 2008 | Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging. | |||
| CVE-2008-3732 | 0.04 | — | 0.13 | Aug 20, 2008 | Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of… |
- CVE-2008-3785Aug 26, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
- CVE-2008-3786Aug 26, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action.
- CVE-2008-3787Aug 26, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
- CVE-2008-3788Aug 26, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password…
- CVE-2008-3776Aug 25, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2008-3777Aug 25, 2008risk 0.00cvss —epss 0.00
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to…
- CVE-2008-3778Aug 25, 2008risk 0.00cvss —epss 0.01
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause…
- CVE-2008-3766Aug 22, 2008risk 0.00cvss —epss 0.01
Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages.
- CVE-2008-3767Aug 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
- CVE-2008-3768Aug 22, 2008risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email…
- CVE-2008-3769Aug 22, 2008risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.
- CVE-2008-3770Aug 22, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2)…
- CVE-2008-3771Aug 22, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.
- CVE-2008-3772Aug 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
- CVE-2008-3773Aug 22, 2008risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).
- CVE-2008-3774Aug 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
- risk 0.29cvss 4.4epss 0.00
Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the password, which allows local administrators to obtain sensitive information by reading and decrypting the QualityControl\_pack registry value.
- CVE-2008-3748Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3749Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3750Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3751Aug 21, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3752Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3753Aug 21, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3754Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3755Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
- CVE-2008-3756Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3757Aug 21, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3758Aug 21, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via…
- CVE-2008-3759Aug 21, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
- CVE-2008-3760Aug 21, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.
- CVE-2008-3761Aug 21, 2008risk 0.03cvss —epss 0.01
hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local…
- CVE-2008-3762Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
- CVE-2008-3763Aug 21, 2008risk 0.03cvss —epss 0.03
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by…
- CVE-2008-3764Aug 21, 2008risk 0.03cvss —epss 0.03
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.
- CVE-2008-3765Aug 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3718Aug 20, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
- CVE-2008-3719Aug 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action.
- CVE-2008-3720Aug 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
- CVE-2008-3721Aug 20, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
- CVE-2008-3722Aug 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-3723Aug 20, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE:…
- CVE-2008-3724Aug 20, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.
- CVE-2008-3725Aug 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3726Aug 20, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.
- CVE-2008-3727Aug 20, 2008risk 0.00cvss —epss 0.03
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2008-3728Aug 20, 2008risk 0.00cvss —epss 0.02
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests…
- CVE-2008-3729Aug 20, 2008risk 0.00cvss —epss 0.02
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
- CVE-2008-3730Aug 20, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-3731Aug 20, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
- CVE-2008-3732Aug 20, 2008risk 0.04cvss —epss 0.13
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of…