• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-6947
Collabtive
2018-10-11
N/A
N/A
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
CVE-2008-6946
Collabtive
2018-10-11
N/A
N/A
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
CVE-2008-6945
Icdevgroup, Interchange
Interchange
2017-08-17
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
CVE-2008-6944
Auto Classifieds, Scriptsfeed
Auto_classifieds, Business_directory_software, Dating_software, Realtor_classifieds_system, Recipes_listing_portal, Scripts_directory
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
CVE-2008-6943
Recipes Listing Portal, Scriptsfeed
Auto_classifieds, Business_directory_software, Dating_software, Realtor_classifieds_system, Recipes_listing_portal, Scripts_directory
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
CVE-2008-6942
Realtor Classifieds System, Scriptsfeed
Auto_classifieds, Business_directory_software, Dating_software, Realtor_classifieds_system, Recipes_listing_portal, Scripts_directory
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
CVE-2008-6941
Turnkeyforms
Business_survey_pro, Entertainment_portal, Local_classifieds, Text_link_sales, Web_hosting_directory, Yahoo-answers-clone
2017-09-29
N/A
N/A
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
CVE-2008-6940
Turnkeyforms
Business_survey_pro, Entertainment_portal, Local_classifieds, Text_link_sales, Web_hosting_directory, Yahoo-answers-clone
2017-09-29
N/A
N/A
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
CVE-2008-6939
Turnkeyforms
Business_survey_pro, Entertainment_portal, Local_classifieds, Text_link_sales, Web_hosting_directory, Yahoo-answers-clone
2017-09-29
N/A
N/A
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
CVE-2008-6938
Holger Zimmermann
Pi3web
2017-09-29
N/A
N/A
Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapiusers.txt.
« Previous 1 … 36 37 38 39 40 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE