• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-6877
Zen-cart
Zen_cart, Web_shopping_cart
2017-09-29
N/A
N/A
** DISPUTED ** Directory traversal vulnerability in admin/includes/initsystem.php in Zen Cart 1.3.8 and 1.3.8a, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the loader_file parameter. NOTE: the vendor disputes this issue, stating "at worst, the use of this vulnerability will reveal some local file paths."
CVE-2008-6876
Editeurscripts, Espartenaires
Esbaseadmin, Escontacts, Esfaq, Esnews, Espartenaires
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.
CVE-2008-6875
Humayun Shabbir Bhutta
2017-08-17
N/A
N/A
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.
CVE-2008-6874
2017-09-29
N/A
N/A
Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp.
CVE-2008-6873
Active Web Mail, Activewebsoftwares
Active_auction_house, Active_bids, Active_business_directory, Active_ewebquiz, Active_force_matrix, Active_membership, Active_newsletter, Active_photo_gallery, Active_price_comparison, Active_test
2017-09-29
N/A
N/A
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
CVE-2008-6872
2017-09-29
N/A
N/A
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb.
CVE-2008-6871
2017-09-29
N/A
N/A
Merlix Educate Server stores db.mdb under the web root with insufficient access control, which allows remote attackers to obtain unspecified sensitive information via a direct request.
CVE-2008-6870
2017-09-29
N/A
N/A
Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp.
CVE-2008-6869
2017-09-29
N/A
N/A
Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini.
CVE-2008-6868
Editeurscripts, Esbaseadmin
Esbaseadmin, Escontacts, Esfaq, Esnews, Espartenaires
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in default/login.php in EditeurScripts EsBaseAdmin 2.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.
« Previous 1 … 43 44 45 46 47 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE