| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0859 | 0.00 | — | 0.01 | Feb 21, 2008 | Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption. | |||
| CVE-2008-0860 | 0.00 | — | 0.02 | Feb 21, 2008 | Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs. | |||
| CVE-2008-0834 | 0.00 | — | 0.01 | Feb 20, 2008 | Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-0835 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter. | |||
| CVE-2008-0836 | 0.00 | — | 0.00 | Feb 20, 2008 | Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than… | |||
| CVE-2008-0837 | 0.00 | — | 0.02 | Feb 20, 2008 | Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file. | |||
| CVE-2008-0838 | 0.03 | — | 0.04 | Feb 20, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page. | |||
| CVE-2008-0839 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0840 | 0.03 | — | 0.02 | Feb 20, 2008 | Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter. | |||
| CVE-2008-0841 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0842 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||
| CVE-2008-0843 | 0.03 | — | 0.03 | Feb 20, 2008 | StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. | |||
| CVE-2008-0844 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||
| CVE-2008-0845 | 0.03 | — | 0.03 | Feb 20, 2008 | SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter. | |||
| CVE-2008-0846 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. | |||
| CVE-2008-0831 | 0.03 | — | 0.01 | Feb 20, 2008 | Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754. | |||
| CVE-2008-0832 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action. | |||
| CVE-2008-0833 | 0.03 | — | 0.01 | Feb 20, 2008 | SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||
| CVE-2007-6319 | 0.00 | — | 0.03 | Feb 19, 2008 | Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side… | |||
| CVE-2008-0830 | 0.03 | — | 0.02 | Feb 19, 2008 | The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043. | |||
| CVE-2008-0827 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-0828 | 0.00 | — | 0.01 | Feb 19, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile. | |||
| CVE-2008-0829 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task. | |||
| CVE-2008-0818 | 0.03 | — | 0.03 | Feb 19, 2008 | Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php. | |||
| CVE-2008-0819 | 0.03 | — | 0.02 | Feb 19, 2008 | Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||
| CVE-2008-0820 | 0.00 | — | 0.01 | Feb 19, 2008 | Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is… | |||
| CVE-2008-0821 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action. | |||
| CVE-2008-0822 | 0.03 | — | 0.02 | Feb 19, 2008 | Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter. | |||
| CVE-2008-0823 | 0.00 | — | 0.02 | Feb 19, 2008 | Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. | |||
| CVE-2008-0824 | 0.00 | — | 0.01 | Feb 19, 2008 | Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors. | |||
| CVE-2008-0825 | 0.00 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-0826 | 0.00 | — | 0.01 | Feb 19, 2008 | Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-0810 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0811 | 0.03 | — | 0.01 | Feb 19, 2008 | Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php. | |||
| CVE-2008-0812 | 0.03 | — | 0.02 | Feb 19, 2008 | Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter. | |||
| CVE-2008-0813 | 0.03 | — | 0.03 | Feb 19, 2008 | Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. | |||
| CVE-2008-0814 | 0.03 | — | 0.02 | Feb 19, 2008 | Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter. | |||
| CVE-2008-0815 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task. | |||
| CVE-2008-0816 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task. | |||
| CVE-2008-0817 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | |||
| CVE-2008-0807 | 0.00 | — | 0.01 | Feb 19, 2008 | lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote… | |||
| CVE-2008-0808 | 0.00 | — | 0.01 | Feb 19, 2008 | Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags. | |||
| CVE-2008-0809 | 0.00 | — | 0.01 | Feb 19, 2008 | Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents. | |||
| CVE-2007-6258 | 0.06 | — | 0.41 | Feb 19, 2008 | Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. | |||
| CVE-2008-0556 | 0.00 | — | 0.01 | Feb 19, 2008 | Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer. | |||
| CVE-2008-0804 | 0.03 | — | 0.02 | Feb 19, 2008 | PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter. | |||
| CVE-2008-0805 | 0.03 | — | 0.05 | Feb 19, 2008 | Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures. | |||
| CVE-2008-0806 | 0.00 | — | 0.00 | Feb 19, 2008 | wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file. | |||
| CVE-2007-6313 | 0.00 | — | 0.01 | Feb 18, 2008 | MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. | |||
| CVE-2008-0674 | 0.00 | — | 0.06 | Feb 18, 2008 | Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. |
- CVE-2008-0859Feb 21, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
- CVE-2008-0860Feb 21, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
- CVE-2008-0834Feb 20, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-0835Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.
- CVE-2008-0836Feb 20, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than…
- CVE-2008-0837Feb 20, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file.
- CVE-2008-0838Feb 20, 2008risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
- CVE-2008-0839Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0840Feb 20, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in view_member.php in Public Warehouse LightBlog 9.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the username parameter.
- CVE-2008-0841Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0842Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
- CVE-2008-0843Feb 20, 2008risk 0.03cvss —epss 0.03
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.
- CVE-2008-0844Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
- CVE-2008-0845Feb 20, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.
- CVE-2008-0846Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
- CVE-2008-0831Feb 20, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
- CVE-2008-0832Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
- CVE-2008-0833Feb 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
- CVE-2007-6319Feb 19, 2008risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side…
- CVE-2008-0830Feb 19, 2008risk 0.03cvss —epss 0.02
The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.
- CVE-2008-0827Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-0828Feb 19, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.
- CVE-2008-0829Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
- CVE-2008-0818Feb 19, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
- CVE-2008-0819Feb 19, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
- CVE-2008-0820Feb 19, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER['PHP_INFO']. NOTE: the vendor disputes this issue in a followup, stating that the affected variable is…
- CVE-2008-0821Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
- CVE-2008-0822Feb 19, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter.
- CVE-2008-0823Feb 19, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
- CVE-2008-0824Feb 19, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.
- CVE-2008-0825Feb 19, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-0826Feb 19, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-0810Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0811Feb 19, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
- CVE-2008-0812Feb 19, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the action parameter.
- CVE-2008-0813Feb 19, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
- CVE-2008-0814Feb 19, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter.
- CVE-2008-0815Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
- CVE-2008-0816Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.
- CVE-2008-0817Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
- CVE-2008-0807Feb 19, 2008risk 0.00cvss —epss 0.01
lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote…
- CVE-2008-0808Feb 19, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.
- CVE-2008-0809Feb 19, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.
- CVE-2007-6258Feb 19, 2008risk 0.06cvss —epss 0.41
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
- CVE-2008-0556Feb 19, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer.
- CVE-2008-0804Feb 19, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
- CVE-2008-0805Feb 19, 2008risk 0.03cvss —epss 0.05
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
- CVE-2008-0806Feb 19, 2008risk 0.00cvss —epss 0.00
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.
- CVE-2007-6313Feb 18, 2008risk 0.00cvss —epss 0.01
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
- CVE-2008-0674Feb 18, 2008risk 0.00cvss —epss 0.06
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.