| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3369 | 0.03 | — | 0.02 | Jul 30, 2008 | SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||
| CVE-2008-3370 | 0.03 | — | 0.01 | Jul 30, 2008 | SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field. | |||
| CVE-2008-3371 | 0.03 | — | 0.04 | Jul 30, 2008 | Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||
| CVE-2008-3372 | 0.03 | — | 0.01 | Jul 30, 2008 | SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | |||
| CVE-2008-3373 | 0.00 | — | 0.03 | Jul 30, 2008 | The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | |||
| CVE-2008-3374 | 0.03 | — | 0.02 | Jul 30, 2008 | SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. | |||
| CVE-2008-3375 | 0.03 | — | 0.04 | Jul 30, 2008 | The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | |||
| CVE-2008-3376 | 0.00 | — | 0.01 | Jul 30, 2008 | Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. | |||
| CVE-2008-3377 | 0.03 | — | 0.01 | Jul 30, 2008 | SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||
| CVE-2008-3378 | 0.03 | — | 0.01 | Jul 30, 2008 | SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||
| CVE-2008-3379 | 0.00 | — | 0.01 | Jul 30, 2008 | Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-3362 | 0.04 | — | 0.17 | Jul 30, 2008 | Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct… | |||
| CVE-2008-3363 | 0.03 | — | 0.03 | Jul 30, 2008 | Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter. | |||
| CVE-2008-3364 | 0.06 | — | 0.33 | Jul 30, 2008 | Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and… | |||
| CVE-2008-1667 | 0.00 | — | 0.03 | Jul 29, 2008 | The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified… | |||
| CVE-2008-3100 | 0.03 | — | 0.02 | Jul 29, 2008 | Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php. | |||
| CVE-2008-3359 | 0.00 | — | 0.01 | Jul 29, 2008 | SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details… | |||
| CVE-2008-3360 | 0.04 | — | 0.08 | Jul 29, 2008 | Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494. | |||
| CVE-2008-3361 | 0.03 | — | 0.04 | Jul 29, 2008 | Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header. | |||
| CVE-2007-5400 | 0.01 | — | 0.07 | Jul 28, 2008 | Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file. | |||
| CVE-2008-1946 | 0.00 | — | 0.00 | Jul 28, 2008 | The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | |||
| CVE-2008-3064 | 0.00 | — | 0.02 | Jul 28, 2008 | Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." | |||
| CVE-2008-3066 | 0.01 | — | 0.10 | Jul 28, 2008 | Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting… | |||
| CVE-2008-3323 | 0.00 | — | 0.03 | Jul 28, 2008 | setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package. | |||
| CVE-2008-3349 | 0.00 | — | 0.03 | Jul 28, 2008 | Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access… | |||
| CVE-2008-3350 | 0.00 | — | 0.02 | Jul 28, 2008 | dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214. | |||
| CVE-2008-3351 | 0.03 | — | 0.01 | Jul 28, 2008 | SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action. | |||
| CVE-2008-3352 | 0.03 | — | 0.01 | Jul 28, 2008 | SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action. | |||
| CVE-2008-3353 | 0.00 | — | 0.01 | Jul 28, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature. | |||
| CVE-2008-3354 | 0.03 | — | 0.03 | Jul 28, 2008 | Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php,… | |||
| CVE-2008-3355 | 0.03 | — | 0.01 | Jul 28, 2008 | SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. | |||
| CVE-2008-3339 | 0.00 | — | 0.01 | Jul 28, 2008 | search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | |||
| CVE-2008-3340 | 0.00 | — | 0.01 | Jul 28, 2008 | Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter.) | |||
| CVE-2008-3341 | 0.00 | — | 0.01 | Jul 28, 2008 | Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely… | |||
| CVE-2008-3342 | 0.00 | — | 0.01 | Jul 28, 2008 | Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action. | |||
| CVE-2008-3343 | 0.03 | — | 0.01 | Jul 28, 2008 | SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action. | |||
| CVE-2008-3344 | 0.00 | — | 0.01 | Jul 28, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5)… | |||
| CVE-2008-3345 | 0.03 | — | 0.01 | Jul 28, 2008 | SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action. | |||
| CVE-2008-3346 | 0.03 | — | 0.01 | Jul 28, 2008 | SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||
| CVE-2008-3347 | 0.03 | — | 0.01 | Jul 28, 2008 | SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter. | |||
| CVE-2008-3348 | 0.00 | — | 0.01 | Jul 28, 2008 | Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter. | |||
| CVE-2008-3331 | 0.03 | — | 0.04 | Jul 27, 2008 | Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. | |||
| CVE-2008-3332 | 0.04 | — | 0.09 | Jul 27, 2008 | Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. | |||
| CVE-2008-3333 | 0.00 | — | 0.02 | Jul 27, 2008 | Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). | |||
| CVE-2008-3334 | 0.00 | — | 0.01 | Jul 27, 2008 | Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | |||
| CVE-2008-3335 | 0.00 | — | 0.03 | Jul 27, 2008 | Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. | |||
| CVE-2008-3336 | 0.00 | — | 0.01 | Jul 27, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php. | |||
| CVE-2008-2951 | Med | 0.40 | 6.1 | 0.02 | Jul 27, 2008 | Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | ||
| CVE-2008-3328 | 0.00 | — | 0.01 | Jul 27, 2008 | Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2008-3329 | 0.00 | — | 0.01 | Jul 27, 2008 | Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." |
- CVE-2008-3369Jul 30, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
- CVE-2008-3370Jul 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.
- CVE-2008-3371Jul 30, 2008risk 0.03cvss —epss 0.04
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
- CVE-2008-3372Jul 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
- CVE-2008-3373Jul 30, 2008risk 0.00cvss —epss 0.03
The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
- CVE-2008-3374Jul 30, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
- CVE-2008-3375Jul 30, 2008risk 0.03cvss —epss 0.04
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
- CVE-2008-3376Jul 30, 2008risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
- CVE-2008-3377Jul 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
- CVE-2008-3378Jul 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
- CVE-2008-3379Jul 30, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-3362Jul 30, 2008risk 0.04cvss —epss 0.17
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct…
- CVE-2008-3363Jul 30, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
- CVE-2008-3364Jul 30, 2008risk 0.06cvss —epss 0.33
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and…
- CVE-2008-1667Jul 29, 2008risk 0.00cvss —epss 0.03
The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to kill arbitrary processes via a process ID number in an unspecified…
- CVE-2008-3100Jul 29, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.
- CVE-2008-3359Jul 29, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details…
- CVE-2008-3360Jul 29, 2008risk 0.04cvss —epss 0.08
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
- CVE-2008-3361Jul 29, 2008risk 0.03cvss —epss 0.04
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
- CVE-2007-5400Jul 28, 2008risk 0.01cvss —epss 0.07
Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.
- CVE-2008-1946Jul 28, 2008risk 0.00cvss —epss 0.00
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
- CVE-2008-3064Jul 28, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
- CVE-2008-3066Jul 28, 2008risk 0.01cvss —epss 0.10
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting…
- CVE-2008-3323Jul 28, 2008risk 0.00cvss —epss 0.03
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
- CVE-2008-3349Jul 28, 2008risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access…
- CVE-2008-3350Jul 28, 2008risk 0.00cvss —epss 0.02
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
- CVE-2008-3351Jul 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
- CVE-2008-3352Jul 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
- CVE-2008-3353Jul 28, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature.
- CVE-2008-3354Jul 28, 2008risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php,…
- CVE-2008-3355Jul 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
- CVE-2008-3339Jul 28, 2008risk 0.00cvss —epss 0.01
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.
- CVE-2008-3340Jul 28, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter.)
- CVE-2008-3341Jul 28, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely…
- CVE-2008-3342Jul 28, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action.
- CVE-2008-3343Jul 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.
- CVE-2008-3344Jul 28, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5)…
- CVE-2008-3345Jul 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
- CVE-2008-3346Jul 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
- CVE-2008-3347Jul 28, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
- CVE-2008-3348Jul 28, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter.
- CVE-2008-3331Jul 27, 2008risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
- CVE-2008-3332Jul 27, 2008risk 0.04cvss —epss 0.09
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
- CVE-2008-3333Jul 27, 2008risk 0.00cvss —epss 0.02
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
- CVE-2008-3334Jul 27, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
- CVE-2008-3335Jul 27, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
- CVE-2008-3336Jul 27, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
- risk 0.40cvss 6.1epss 0.02
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
- CVE-2008-3328Jul 27, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2008-3329Jul 27, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."