| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2787 | 0.03 | — | 0.02 | Jun 20, 2008 | Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter. | |||
| CVE-2008-2788 | 0.00 | — | 0.01 | Jun 20, 2008 | Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | |||
| CVE-2008-2789 | 0.05 | — | 0.23 | Jun 20, 2008 | SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||
| CVE-2008-2790 | 0.03 | — | 0.01 | Jun 20, 2008 | SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-2791 | 0.03 | — | 0.01 | Jun 20, 2008 | SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-2792 | 0.03 | — | 0.01 | Jun 20, 2008 | SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter. | |||
| CVE-2008-2793 | 0.03 | — | 0.01 | Jun 20, 2008 | SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | |||
| CVE-2008-2794 | 0.00 | — | 0.00 | Jun 20, 2008 | Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | |||
| CVE-2008-2795 | 0.04 | — | 0.08 | Jun 20, 2008 | Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command. | |||
| CVE-2008-2796 | 0.03 | — | 0.01 | Jun 20, 2008 | SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||
| CVE-2008-2797 | 0.00 | — | 0.01 | Jun 20, 2008 | Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2008-2665 | 0.00 | — | 0.03 | Jun 20, 2008 | Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has… | |||
| CVE-2008-2666 | 0.04 | — | 0.14 | Jun 20, 2008 | Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok… | |||
| CVE-2008-2785 | 0.00 | — | 0.05 | Jun 19, 2008 | Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to… | |||
| CVE-2008-2786 | 0.00 | — | 0.01 | Jun 19, 2008 | Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes. | |||
| CVE-2008-2774 | 0.03 | — | 0.01 | Jun 19, 2008 | SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736. | |||
| CVE-2008-2775 | 0.00 | — | 0.01 | Jun 19, 2008 | SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-2776 | 0.00 | — | 0.01 | Jun 19, 2008 | Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-2777 | 0.00 | — | 0.01 | Jun 19, 2008 | Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-2778 | 0.03 | — | 0.01 | Jun 19, 2008 | SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||
| CVE-2008-2779 | 0.00 | — | 0.03 | Jun 19, 2008 | Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue… | |||
| CVE-2008-2780 | 0.00 | — | 0.01 | Jun 19, 2008 | The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file. | |||
| CVE-2008-2781 | 0.03 | — | 0.01 | Jun 19, 2008 | SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action. | |||
| CVE-2008-2782 | 0.03 | — | 0.02 | Jun 19, 2008 | Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. | |||
| CVE-2008-2783 | 0.03 | — | 0.02 | Jun 19, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde… | |||
| CVE-2008-2784 | 0.00 | — | 0.01 | Jun 19, 2008 | The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed… | |||
| CVE-2008-2753 | 0.03 | — | 0.01 | Jun 18, 2008 | Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/. | |||
| CVE-2008-2754 | 0.03 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter. | |||
| CVE-2008-2755 | 0.03 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-2756 | 0.00 | — | 0.01 | Jun 18, 2008 | Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party… | |||
| CVE-2008-2757 | 0.00 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2008-2758 | 0.00 | — | 0.01 | Jun 18, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b)… | |||
| CVE-2008-2759 | 0.00 | — | 0.01 | Jun 18, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE:… | |||
| CVE-2008-2760 | 0.00 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2008-2761 | 0.00 | — | 0.01 | Jun 18, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields.… | |||
| CVE-2008-2762 | 0.00 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2008-2763 | 0.00 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2008-2764 | 0.00 | — | 0.01 | Jun 18, 2008 | Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | |||
| CVE-2008-2765 | 0.00 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | |||
| CVE-2008-2766 | 0.00 | — | 0.01 | Jun 18, 2008 | Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp. | |||
| CVE-2008-2767 | 0.00 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter. | |||
| CVE-2008-2768 | 0.00 | — | 0.01 | Jun 18, 2008 | Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields"). | |||
| CVE-2008-2769 | 0.00 | — | 0.01 | Jun 18, 2008 | PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter. | |||
| CVE-2008-2770 | 0.03 | — | 0.01 | Jun 18, 2008 | SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | |||
| CVE-2008-2771 | 0.00 | — | 0.01 | Jun 18, 2008 | The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. | |||
| CVE-2008-2772 | 0.00 | — | 0.01 | Jun 18, 2008 | The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks." | |||
| CVE-2008-2773 | 0.00 | — | 0.01 | Jun 18, 2008 | Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-0925 | 0.00 | — | 0.02 | Jun 18, 2008 | Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the… | |||
| CVE-2008-2060 | 0.00 | — | 0.02 | Jun 18, 2008 | Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on… | |||
| CVE-2008-2428 | 0.00 | — | 0.01 | Jun 18, 2008 | Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. |
- CVE-2008-2787Jun 20, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
- CVE-2008-2788Jun 20, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
- CVE-2008-2789Jun 20, 2008risk 0.05cvss —epss 0.23
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
- CVE-2008-2790Jun 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2791Jun 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2792Jun 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.
- CVE-2008-2793Jun 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
- CVE-2008-2794Jun 20, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors.
- CVE-2008-2795Jun 20, 2008risk 0.04cvss —epss 0.08
Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command.
- CVE-2008-2796Jun 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
- CVE-2008-2797Jun 20, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are…
- CVE-2008-2665Jun 20, 2008risk 0.00cvss —epss 0.03
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has…
- CVE-2008-2666Jun 20, 2008risk 0.04cvss —epss 0.14
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok…
- CVE-2008-2785Jun 19, 2008risk 0.00cvss —epss 0.05
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to…
- CVE-2008-2786Jun 19, 2008risk 0.00cvss —epss 0.01
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.
- CVE-2008-2774Jun 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
- CVE-2008-2775Jun 19, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-2776Jun 19, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-2777Jun 19, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-2778Jun 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.
- CVE-2008-2779Jun 19, 2008risk 0.00cvss —epss 0.03
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue…
- CVE-2008-2780Jun 19, 2008risk 0.00cvss —epss 0.01
The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file.
- CVE-2008-2781Jun 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.
- CVE-2008-2782Jun 19, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
- CVE-2008-2783Jun 19, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde…
- CVE-2008-2784Jun 19, 2008risk 0.00cvss —epss 0.01
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed…
- CVE-2008-2753Jun 18, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.
- CVE-2008-2754Jun 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
- CVE-2008-2755Jun 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2756Jun 18, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party…
- CVE-2008-2757Jun 18, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
- CVE-2008-2758Jun 18, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b)…
- CVE-2008-2759Jun 18, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE:…
- CVE-2008-2760Jun 18, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
- CVE-2008-2761Jun 18, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields.…
- CVE-2008-2762Jun 18, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
- CVE-2008-2763Jun 18, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
- CVE-2008-2764Jun 18, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").
- CVE-2008-2765Jun 18, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
- CVE-2008-2766Jun 18, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.
- CVE-2008-2767Jun 18, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
- CVE-2008-2768Jun 18, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").
- CVE-2008-2769Jun 18, 2008risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.
- CVE-2008-2770Jun 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
- CVE-2008-2771Jun 18, 2008risk 0.00cvss —epss 0.01
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
- CVE-2008-2772Jun 18, 2008risk 0.00cvss —epss 0.01
The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."
- CVE-2008-2773Jun 18, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-0925Jun 18, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the…
- CVE-2008-2060Jun 18, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on…
- CVE-2008-2428Jun 18, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.