• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-7067
Page Tree Cms, Pagetreecms
Page_tree_cms
2017-09-29
N/A
N/A
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
CVE-2008-7066
2enetworx, Openforum
Openforum, Statcountex
2017-09-29
N/A
N/A
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.
CVE-2008-7065
Siemens
Logo!8_bm_firmware, Logo!8_bm, Cp1604_firmware, Cp1604, Cp1616_firmware, Cp1616, Dk_standard_ethernet_controller_firmware, Dk_standard_ethernet_controller, Ek-ertec_200_firmware, Ek-ertec_200
2018-10-11
N/A
N/A
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.
CVE-2008-7064
Quicksilver Forums
Quicksilver_forums
2017-09-29
N/A
N/A
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
CVE-2008-7063
Faq Manager Pro, Ocean12tech
Contact_manager_pro, Faq_manager_pro, Membership_manager_pro
2017-09-29
N/A
N/A
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
CVE-2008-7062
Lovecms
The_simple_forum
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
CVE-2008-7061
Google
Admob, Android, Android_api, Android_browser, Android_debug_bridge, Android_one, Android_sdk, Android_sdk_platform_tools, Android_sdk_tools, Android_tv
2018-10-11
N/A
N/A
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists.
CVE-2008-7060
One-news
2018-10-11
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inject arbitrary HTML and web script via the (1) title or (2) content parameters in a news item to add.php, and the (3) itemnum, (4) author, or (5) comment parameters in a comment to index.php. NOTE: vectors 1 and 2 require user authentication.
CVE-2008-7059
Aled Owen
2018-10-11
N/A
N/A
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
CVE-2008-7058
Grayscalecms
Bandsite_cms
2017-09-29
N/A
N/A
Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hijack the authentication of administrators and force a logout via adminpanel/logout.php.
« Previous 1 … 24 25 26 27 28 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE