CVE Vulnerability

Home ยป CVE’s

CVE’s

CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-2973
2017-09-29
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
CVE-2008-2972
2017-10-19
N/A
N/A
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action.
CVE-2008-2971
2017-09-29
N/A
N/A
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2970
2018-10-11
N/A
N/A
Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php and (2) login.php in homepg/.
CVE-2008-2969
2018-10-11
N/A
N/A
Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the dfile parameter.
CVE-2008-2968
2018-10-11
N/A
N/A
SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
CVE-2008-2967
2018-10-11
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to login.php and the (2) glb_sid parameter to hta/htmlarea.js.php, and allow remote authenticated users to inject arbitrary web script or HTML via an unspecified field in room.php.
CVE-2008-2966
2017-09-29
N/A
N/A
Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information.
CVE-2008-2965
2017-09-29
N/A
N/A
Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
CVE-2008-2964
2017-09-29
N/A
N/A
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
1 427 428 429 430 431 11,258