| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2643 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php. | |||
| CVE-2008-2644 | 0.03 | — | 0.02 | Jun 10, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s… | |||
| CVE-2008-2645 | 0.06 | — | 0.39 | Jun 10, 2008 | Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7)… | |||
| CVE-2008-2646 | 0.03 | — | 0.01 | Jun 10, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to… | |||
| CVE-2008-2647 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter. | |||
| CVE-2008-2648 | 0.03 | — | 0.03 | Jun 10, 2008 | Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory. | |||
| CVE-2008-2649 | 0.03 | — | 0.02 | Jun 10, 2008 | Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php. | |||
| CVE-2008-2650 | 0.05 | — | 0.19 | Jun 10, 2008 | Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file… | |||
| CVE-2008-2651 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php. | |||
| CVE-2008-2652 | 0.03 | — | 0.01 | Jun 10, 2008 | Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters. | |||
| CVE-2008-1673 | 0.01 | — | 0.07 | Jun 10, 2008 | The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers… | |||
| CVE-2008-2358 | 0.00 | — | 0.00 | Jun 10, 2008 | Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a… | |||
| CVE-2008-2626 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter. | |||
| CVE-2008-2627 | 0.03 | — | 0.02 | Jun 10, 2008 | SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php. | |||
| CVE-2008-2628 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||
| CVE-2008-2629 | 0.03 | — | 0.02 | Jun 10, 2008 | SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php. | |||
| CVE-2008-2630 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php. | |||
| CVE-2008-2631 | 0.05 | — | 0.23 | Jun 10, 2008 | The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2008-2632 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php. | |||
| CVE-2008-2633 | 0.03 | — | 0.01 | Jun 10, 2008 | Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php. | |||
| CVE-2008-2634 | 0.03 | — | 0.01 | Jun 10, 2008 | SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||
| CVE-2008-2635 | 0.00 | — | 0.02 | Jun 10, 2008 | Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the… | |||
| CVE-2008-2636 | 0.00 | — | 0.03 | Jun 10, 2008 | The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page"… | |||
| CVE-2008-2637 | 0.03 | — | 0.02 | Jun 10, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the… | |||
| CVE-2008-2638 | 0.03 | — | 0.04 | Jun 10, 2008 | Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php. | |||
| CVE-2008-1106 | 0.00 | — | 0.01 | Jun 9, 2008 | The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote… | |||
| CVE-2008-1805 | 0.00 | — | 0.04 | Jun 6, 2008 | Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the… | |||
| CVE-2008-2388 | 0.00 | — | 0.01 | Jun 6, 2008 | Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem." | |||
| CVE-2008-2389 | 0.00 | — | 0.00 | Jun 6, 2008 | opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack. | |||
| CVE-2008-2545 | 0.00 | — | 0.04 | Jun 6, 2008 | Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension… | |||
| CVE-2008-2574 | 0.03 | — | 0.05 | Jun 6, 2008 | Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/. | |||
| CVE-2008-2575 | 0.00 | — | 0.03 | Jun 6, 2008 | cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. | |||
| CVE-2008-2560 | 0.03 | — | 0.01 | Jun 6, 2008 | SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||
| CVE-2008-2561 | 0.03 | — | 0.02 | Jun 6, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php;… | |||
| CVE-2008-2562 | 0.03 | — | 0.01 | Jun 6, 2008 | SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action. | |||
| CVE-2008-2563 | 0.00 | — | 0.01 | Jun 6, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a… | |||
| CVE-2008-2564 | 0.03 | — | 0.01 | Jun 6, 2008 | SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. | |||
| CVE-2008-2565 | 0.03 | — | 0.02 | Jun 6, 2008 | Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected. | |||
| CVE-2008-2566 | 0.03 | — | 0.02 | Jun 6, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI. | |||
| CVE-2008-2567 | 0.00 | — | 0.01 | Jun 6, 2008 | Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism… | |||
| CVE-2008-2568 | 0.03 | — | 0.01 | Jun 6, 2008 | SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php. | |||
| CVE-2008-2569 | 0.03 | — | 0.01 | Jun 6, 2008 | SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php. | |||
| CVE-2008-2570 | 0.00 | — | 0.01 | Jun 6, 2008 | Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors. | |||
| CVE-2008-2571 | 0.00 | — | 0.01 | Jun 6, 2008 | Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action. | |||
| CVE-2008-2572 | 0.03 | — | 0.01 | Jun 6, 2008 | SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter. | |||
| CVE-2008-2573 | 0.03 | — | 0.06 | Jun 6, 2008 | Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command. | |||
| CVE-2008-2559 | 0.00 | — | 0.04 | Jun 5, 2008 | Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467. | |||
| CVE-2008-2554 | 0.03 | — | 0.01 | Jun 5, 2008 | Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. | |||
| CVE-2008-2555 | 0.03 | — | 0.01 | Jun 5, 2008 | SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||
| CVE-2008-2556 | 0.03 | — | 0.01 | Jun 5, 2008 | SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action. |
- CVE-2008-2643Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
- CVE-2008-2644Jun 10, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) new_s…
- CVE-2008-2645Jun 10, 2008risk 0.06cvss —epss 0.39
Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7)…
- CVE-2008-2646Jun 10, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to…
- CVE-2008-2647Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.
- CVE-2008-2648Jun 10, 2008risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in upload/uploader.html in meBiblio 0.4.7 allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the files/ directory.
- CVE-2008-2649Jun 10, 2008risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php.
- CVE-2008-2650Jun 10, 2008risk 0.05cvss —epss 0.19
Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file…
- CVE-2008-2651Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
- CVE-2008-2652Jun 10, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
- CVE-2008-1673Jun 10, 2008risk 0.01cvss —epss 0.07
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers…
- CVE-2008-2358Jun 10, 2008risk 0.00cvss —epss 0.00
Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a…
- CVE-2008-2626Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
- CVE-2008-2627Jun 10, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.
- CVE-2008-2628Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
- CVE-2008-2629Jun 10, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.
- CVE-2008-2630Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
- CVE-2008-2631Jun 10, 2008risk 0.05cvss —epss 0.23
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2008-2632Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
- CVE-2008-2633Jun 10, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
- CVE-2008-2634Jun 10, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.
- CVE-2008-2635Jun 10, 2008risk 0.00cvss —epss 0.02
Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND command from the…
- CVE-2008-2636Jun 10, 2008risk 0.00cvss —epss 0.03
The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 allows remote attackers to cause a denial of service (management interface outage) or possibly execute arbitrary code via a URI that begins with a "/./" sequence, contains many instances of a "front_page"…
- CVE-2008-2637Jun 10, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the…
- CVE-2008-2638Jun 10, 2008risk 0.03cvss —epss 0.04
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
- CVE-2008-1106Jun 9, 2008risk 0.00cvss —epss 0.01
The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote…
- CVE-2008-1805Jun 6, 2008risk 0.00cvss —epss 0.04
Incomplete blacklist vulnerability in Skype 3.6.0.248, and other versions before 3.8.0.139, allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI that ends in an executable extension that is not covered by the…
- CVE-2008-2388Jun 6, 2008risk 0.00cvss —epss 0.01
Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have unspecified impact and attack vectors. NOTE: the vendor states that these "can be considered no security problem."
- CVE-2008-2389Jun 6, 2008risk 0.00cvss —epss 0.00
opensuse-updater in openSUSE 10.2 allows local users to access arbitrary files via a symlink attack.
- CVE-2008-2545Jun 6, 2008risk 0.00cvss —epss 0.04
Skype 3.6.0.248, and other versions before 3.8.0.139, uses a case-sensitive comparison when checking for dangerous extensions, which allows user-assisted remote attackers to bypass warning dialogs and possibly execute arbitrary code via a file: URI with a dangerous extension…
- CVE-2008-2574Jun 6, 2008risk 0.03cvss —epss 0.05
Unrestricted file upload vulnerability in admin/Editor/imgupload.php in FlashBlog 0.31 beta allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in tus_imagenes/.
- CVE-2008-2575Jun 6, 2008risk 0.00cvss —epss 0.03
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
- CVE-2008-2560Jun 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
- CVE-2008-2561Jun 6, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php;…
- CVE-2008-2562Jun 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
- CVE-2008-2563Jun 6, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a…
- CVE-2008-2564Jun 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
- CVE-2008-2565Jun 6, 2008risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
- CVE-2008-2566Jun 6, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.
- CVE-2008-2567Jun 6, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism…
- CVE-2008-2568Jun 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
- CVE-2008-2569Jun 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
- CVE-2008-2570Jun 6, 2008risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
- CVE-2008-2571Jun 6, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.
- CVE-2008-2572Jun 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.
- CVE-2008-2573Jun 6, 2008risk 0.03cvss —epss 0.06
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
- CVE-2008-2559Jun 5, 2008risk 0.00cvss —epss 0.04
Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows remote attackers to execute arbitrary code via a malformed packet to TCP port 3050, which triggers a stack-based buffer overflow. NOTE: this issue might be related to CVE-2008-0467.
- CVE-2008-2554Jun 5, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.
- CVE-2008-2555Jun 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.
- CVE-2008-2556Jun 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.