• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-7087
Openpro
2018-10-11
N/A
N/A
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
CVE-2008-7086
Maian Greetings, Maianscriptworld
Maianaffiliate, Maian_cart, Maian_gallery, Maian_greeting, Maian_greetings, Maian_guestbook, Maian_links, Maian_music, Maian_recipe, Maian_search
2017-09-29
N/A
N/A
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
CVE-2008-7085
Hockeystats Online, Thehockeystop
Hockeystats_online
2017-09-29
N/A
N/A
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.
CVE-2008-7084
Hirschelectronics, Velocity Security Management System
Velocity_security_management_system
2018-10-11
N/A
N/A
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2008-7083
Micro Blogging Twitter Clone, Revou
Micro_blogging_twitter_clone, Tclone
2017-09-29
N/A
N/A
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2008-7082
Mybb, Mybboard
Custom_pages_plugin, Mybb
2018-10-11
N/A
N/A
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
CVE-2008-7081
Icy Box Nas, Raidsonic
Icy_box_nas
2017-08-17
N/A
N/A
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-7080
Php Classifieds Script, Phpclassifiedsscript
Php_classifieds_script
2017-09-29
N/A
N/A
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
CVE-2008-7079
Nero
Advertising_center, Burnrights, Controlcenter, Coverdesigner, Coverdesigner_help, Disc_copy_gadget, Disc_copy_gadget_help, Discspeed, Dolbyfiles, Drivespeed
2017-09-29
N/A
N/A
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
CVE-2008-7078
Maxum, Rumpus
Rumpus, Rumpus_ftp
2018-10-11
N/A
N/A
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.
« Previous 1 … 22 23 24 25 26 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE