CVE Vulnerability

Home ยป CVE’s

CVE’s

CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-2863
2018-10-11
N/A
N/A
Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/.
CVE-2008-2862
2018-10-11
N/A
N/A
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
CVE-2008-2861
2018-10-11
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail parameters to login.asp.
CVE-2008-2860
2017-09-29
N/A
N/A
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2008-2859
Netwin, Surgemail
Cwmail, Dmail, Dmailweb, Dnews, Dnewsweb, Netauth, Smsgate, Surgeftp, Surgeldap, Surgemail
2017-08-08
N/A
N/A
Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors related to an "imap command."
CVE-2008-2858
2008-09-05
N/A
N/A
SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2857
Alstrasoft, Askme
Affiliate_network_pro, Article_manager_pro, Askme, Askme_pro, E-friends, Epay, Forum_pay_per_post_exchange, Live_support, Sendit, Sms_text_messaging_enterprise
2017-09-29
N/A
N/A
AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.
CVE-2008-2856
2017-09-29
N/A
N/A
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2855
2017-09-29
N/A
N/A
Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2008-2854
2017-09-29
N/A
N/A
Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.
1 438 439 440 441 442 11,258