| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3051 | 0.00 | — | 0.01 | Jul 7, 2008 | SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-3052 | 0.00 | — | 0.01 | Jul 7, 2008 | Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2008-3053 | 0.00 | — | 0.01 | Jul 7, 2008 | SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-3054 | 0.00 | — | 0.01 | Jul 7, 2008 | SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-3055 | 0.00 | — | 0.01 | Jul 7, 2008 | SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-3056 | 0.00 | — | 0.01 | Jul 7, 2008 | SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-3022 | 0.03 | — | 0.02 | Jul 7, 2008 | Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters. | |||
| CVE-2008-3023 | 0.01 | — | 0.12 | Jul 7, 2008 | Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than… | |||
| CVE-2008-3024 | 0.03 | — | 0.06 | Jul 7, 2008 | Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/. | |||
| CVE-2008-2993 | 0.03 | — | 0.02 | Jul 3, 2008 | Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and (2) fog_skin parameters, probably related to libs/required/share.inc; and possibly the (3)… | |||
| CVE-2008-2994 | 0.03 | — | 0.01 | Jul 3, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php. | |||
| CVE-2008-2995 | 0.03 | — | 0.01 | Jul 3, 2008 | Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php. | |||
| CVE-2008-2996 | 0.03 | — | 0.01 | Jul 3, 2008 | Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a… | |||
| CVE-2008-2997 | 0.03 | — | 0.01 | Jul 3, 2008 | Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action. | |||
| CVE-2008-2998 | 0.00 | — | 0.01 | Jul 3, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-2999 | 0.00 | — | 0.01 | Jul 3, 2008 | Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-3000 | 0.00 | — | 0.01 | Jul 3, 2008 | The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. | |||
| CVE-2008-3001 | 0.00 | — | 0.03 | Jul 3, 2008 | The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | |||
| CVE-2008-2959 | 0.05 | — | 0.25 | Jul 2, 2008 | Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function. | |||
| CVE-2008-2960 | 0.00 | — | 0.02 | Jul 2, 2008 | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/. | |||
| CVE-2008-2961 | 0.03 | — | 0.03 | Jul 2, 2008 | Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter. | |||
| CVE-2008-2962 | 0.03 | — | 0.01 | Jul 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php. | |||
| CVE-2008-2963 | 0.03 | — | 0.01 | Jul 2, 2008 | Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php. | |||
| CVE-2008-2964 | 0.03 | — | 0.01 | Jul 2, 2008 | SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-2965 | 0.03 | — | 0.01 | Jul 2, 2008 | Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter. | |||
| CVE-2008-2966 | 0.03 | — | 0.02 | Jul 2, 2008 | Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information. | |||
| CVE-2008-2967 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and… | |||
| CVE-2008-2968 | 0.03 | — | 0.01 | Jul 2, 2008 | SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||
| CVE-2008-2969 | 0.03 | — | 0.03 | Jul 2, 2008 | Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter. | |||
| CVE-2008-2970 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/. | |||
| CVE-2008-2971 | 0.03 | — | 0.01 | Jul 2, 2008 | SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-2972 | 0.03 | — | 0.01 | Jul 2, 2008 | SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action. | |||
| CVE-2008-2973 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters. | |||
| CVE-2008-2974 | 0.03 | — | 0.02 | Jul 2, 2008 | Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter. | |||
| CVE-2008-2975 | 0.03 | — | 0.01 | Jul 2, 2008 | Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. | |||
| CVE-2008-2976 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c)… | |||
| CVE-2008-2977 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/. | |||
| CVE-2008-2978 | 0.03 | — | 0.02 | Jul 2, 2008 | Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter. | |||
| CVE-2008-2979 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters. | |||
| CVE-2008-2980 | 0.03 | — | 0.01 | Jul 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to… | |||
| CVE-2008-2981 | 0.03 | — | 0.02 | Jul 2, 2008 | PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter. | |||
| CVE-2008-2982 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a)… | |||
| CVE-2008-2983 | 0.03 | — | 0.01 | Jul 2, 2008 | SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-2984 | 0.03 | — | 0.01 | Jul 2, 2008 | Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter. | |||
| CVE-2008-2985 | 0.03 | — | 0.02 | Jul 2, 2008 | Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter. | |||
| CVE-2008-2986 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/. | |||
| CVE-2008-2987 | 0.03 | — | 0.02 | Jul 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/. | |||
| CVE-2008-2988 | 0.00 | — | 0.02 | Jul 2, 2008 | Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/. | |||
| CVE-2008-2989 | 0.03 | — | 0.01 | Jul 2, 2008 | SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter. | |||
| CVE-2008-2990 | 0.03 | — | 0.02 | Jul 2, 2008 | PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. |
- CVE-2008-3051Jul 7, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-3052Jul 7, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors.
- CVE-2008-3053Jul 7, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-3054Jul 7, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-3055Jul 7, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-3056Jul 7, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-3022Jul 7, 2008risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters.
- CVE-2008-3023Jul 7, 2008risk 0.01cvss —epss 0.12
Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than…
- CVE-2008-3024Jul 7, 2008risk 0.03cvss —epss 0.06
Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/.
- CVE-2008-2993Jul 3, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and (2) fog_skin parameters, probably related to libs/required/share.inc; and possibly the (3)…
- CVE-2008-2994Jul 3, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php.
- CVE-2008-2995Jul 3, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.
- CVE-2008-2996Jul 3, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a…
- CVE-2008-2997Jul 3, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.
- CVE-2008-2998Jul 3, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-2999Jul 3, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-3000Jul 3, 2008risk 0.00cvss —epss 0.01
The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions.
- CVE-2008-3001Jul 3, 2008risk 0.00cvss —epss 0.03
The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions.
- CVE-2008-2959Jul 2, 2008risk 0.05cvss —epss 0.25
Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.
- CVE-2008-2960Jul 2, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
- CVE-2008-2961Jul 2, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter.
- CVE-2008-2962Jul 2, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3) id parameter to post.php.
- CVE-2008-2963Jul 2, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
- CVE-2008-2964Jul 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2965Jul 2, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
- CVE-2008-2966Jul 2, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
- CVE-2008-2967Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and…
- CVE-2008-2968Jul 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
- CVE-2008-2969Jul 2, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter.
- CVE-2008-2970Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
- CVE-2008-2971Jul 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2972Jul 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action.
- CVE-2008-2973Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
- CVE-2008-2974Jul 2, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.
- CVE-2008-2975Jul 2, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
- CVE-2008-2976Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c)…
- CVE-2008-2977Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/.
- CVE-2008-2978Jul 2, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix parameter.
- CVE-2008-2979Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters.
- CVE-2008-2980Jul 2, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to…
- CVE-2008-2981Jul 2, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter.
- CVE-2008-2982Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a)…
- CVE-2008-2983Jul 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2984Jul 2, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter.
- CVE-2008-2985Jul 2, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page_language parameter.
- CVE-2008-2986Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/.
- CVE-2008-2987Jul 2, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.
- CVE-2008-2988Jul 2, 2008risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the file in billeder/.
- CVE-2008-2989Jul 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter.
- CVE-2008-2990Jul 2, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.