Preprojects
Products
17- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
34| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-2763 | 0.04 | — | 0.09 | Jun 2, 2006 | SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678. | ||
| CVE-2012-5334 | 0.03 | — | 0.03 | Oct 8, 2012 | SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||
| CVE-2012-5333 | 0.03 | — | 0.02 | Oct 8, 2012 | SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2011-5139 | 0.03 | — | 0.01 | Aug 31, 2012 | SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2010-4776 | 0.03 | — | 0.00 | Mar 23, 2011 | SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter. | ||
| CVE-2010-1369 | 0.03 | — | 0.01 | Apr 13, 2010 | SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter. | ||
| CVE-2008-7052 | 0.03 | — | 0.02 | Aug 24, 2009 | Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | ||
| CVE-2008-6888 | 0.03 | — | 0.02 | Aug 3, 2009 | Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. | ||
| CVE-2008-6887 | 0.03 | — | 0.00 | Aug 3, 2009 | SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter. | ||
| CVE-2008-6798 | 0.03 | — | 0.00 | May 7, 2009 | Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field). | ||
| CVE-2008-6796 | 0.03 | — | 0.00 | May 7, 2009 | SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | ||
| CVE-2008-6716 | 0.03 | — | 0.04 | Apr 13, 2009 | homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request. | ||
| CVE-2008-6715 | 0.03 | — | 0.02 | Apr 13, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php. | ||
| CVE-2008-6232 | 0.03 | — | 0.04 | Feb 20, 2009 | Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||
| CVE-2008-6231 | 0.03 | — | 0.04 | Feb 20, 2009 | Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | ||
| CVE-2008-6230 | 0.03 | — | 0.01 | Feb 20, 2009 | SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2008-5977 | 0.03 | — | 0.00 | Jan 27, 2009 | SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action. | ||
| CVE-2008-5976 | 0.03 | — | 0.03 | Jan 27, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field. | ||
| CVE-2008-4177 | 0.03 | — | 0.00 | Sep 23, 2008 | SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||
| CVE-2008-2914 | 0.03 | — | 0.01 | Jun 30, 2008 | SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information. |
- CVE-2006-2763Jun 2, 2006risk 0.04cvss —epss 0.09
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
- CVE-2012-5334Oct 8, 2012risk 0.03cvss —epss 0.03
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
- CVE-2012-5333Oct 8, 2012risk 0.03cvss —epss 0.02
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2011-5139Aug 31, 2012risk 0.03cvss —epss 0.01
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2010-4776Mar 23, 2011risk 0.03cvss —epss 0.00
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
- CVE-2010-1369Apr 13, 2010risk 0.03cvss —epss 0.01
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.
- CVE-2008-7052Aug 24, 2009risk 0.03cvss —epss 0.02
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
- CVE-2008-6888Aug 3, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
- CVE-2008-6887Aug 3, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
- CVE-2008-6798May 7, 2009risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
- CVE-2008-6796May 7, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
- CVE-2008-6716Apr 13, 2009risk 0.03cvss —epss 0.04
homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request.
- CVE-2008-6715Apr 13, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php.
- CVE-2008-6232Feb 20, 2009risk 0.03cvss —epss 0.04
Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
- CVE-2008-6231Feb 20, 2009risk 0.03cvss —epss 0.04
Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".
- CVE-2008-6230Feb 20, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5977Jan 27, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
- CVE-2008-5976Jan 27, 2009risk 0.03cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.
- CVE-2008-4177Sep 23, 2008risk 0.03cvss —epss 0.00
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
- CVE-2008-2914Jun 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.