CVE Vulnerability

CVEs


CVE-2008-7157
Vendors/Products: Ekinboard
Updated: 2017-09-29
CVSS v2: N/A
CVSS v3: N/A
Description: Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in uploaded/avatars/.

CVE-2008-7156
Vendors/Products: Ekinboard
Updated: 2017-09-29
CVSS v2: N/A
CVSS v3: N/A
Description: EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass authorization and gain administrator privileges by setting the _groups[] parameter to 2, as demonstrated via backup.php.

CVE-2008-7155
Vendors: Netrisk, Phprisk
Products: Netrisk
Updated: 2017-08-17
CVSS v2: N/A
CVSS v3: N/A
Description: NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request.

CVE-2008-7154
Vendors: Docebo
Products: Docebolms
Updated: 2017-09-29
CVSS v2: N/A
CVSS v3: N/A
Description: Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.

CVE-2008-7153
Vendors: Docebo
Products: Docebolms
Updated: 2017-09-29
CVSS v2: N/A
CVSS v3: N/A
Description: SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.

CVE-2008-7152
Vendors: Simon Rycroft
Products: Hashcash, Sid
Updated: 2017-08-17
CVSS v2: N/A
CVSS v3: N/A
Description: Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2) taxonservice.php.

CVE-2008-7151
Vendors: Drupal, Gurpartap Singh
Products: Acidfree, Activity, Aggregation_module, Ajax_checklist, Archive_module, Asin_field_module, Atom_module, Audio_module, Authenticated_user_page_caching, Avatar_uploader, Live
Updated: 2017-08-17
CVSS v2: N/A
CVSS v3: N/A
Description: Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.

CVE-2008-7150
Vendors: Ber Kessels, Drupal
Products: Refine_by_taxo, Acidfree, Activity, Aggregation_module, Ajax_checklist, Archive_module, Asin_field_module, Atom_module, Audio_module, Authenticated_user_page_caching, Avatar_uploader
Updated: 2017-08-17
CVSS v2: N/A
CVSS v3: N/A
Description: Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.

CVE-2008-7149
Vendors/Products: Agilewiki
Updated: 2009-09-09
CVSS v2: N/A
CVSS v3: N/A
Description: Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords.

CVE-2008-7148
Vendors: Synfig, Synfigstudio
Products: Synfigstudio
Updated: 2009-09-03
CVSS v2: N/A
CVSS v3: N/A
Description: Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE