• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-6987
Dating Website Script, Ezonescripts
Adult_banner_exchange_website, Dating_website_script, Link_trader_script, Living_local
2017-08-17
N/A
N/A
Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6986
Zen Cart, Zen-cart
Zen_cart, Web_shopping_cart
2018-10-11
N/A
N/A
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.
CVE-2008-6985
Zen Cart, Zen-cart
Zen_cart, Web_shopping_cart
2018-10-11
N/A
N/A
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
CVE-2008-6984
Parallels, Plesk
Confixx, H-sphere, Parallels_access, Parallels_desktop, Parallels_plesk_panel, Parallels_plesk_small_business_panel, Parallels_small_business_panel, Parallels_virtuozzo, Plesk, Remote_application_server
2017-08-17
N/A
N/A
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
CVE-2008-6983
Devalcms
2017-09-29
N/A
N/A
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.
CVE-2008-6982
Devalcms
2017-09-29
N/A
N/A
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
CVE-2008-6981
Phpadultsite, Phpadultsite Cms
Phpadultsite_cms
2018-10-11
N/A
N/A
index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability.
CVE-2008-6980
Phpadultsite, Phpadultsite Cms
Phpadultsite_cms
2018-10-11
N/A
N/A
SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6979
Phpadultsite, Phpadultsite Cms
Phpadultsite_cms
2018-10-11
N/A
N/A
Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue might be resultant from a separate SQL injection vulnerability.
CVE-2008-6978
Fullrevolution
Aspwebalbum, Aspwebcalendar, Aspwebcalendar2008
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
« Previous 1 … 32 33 34 35 36 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE