• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-6757
Viart
Cms, Helpdesk, Shop, Shop_evaluation, Shop_free, Shopping_cart, Viart_cms, Viart_helpdesk, Viart_shop
2018-10-11
N/A
N/A
Cross-site scripting (XSS) vulnerability in manuals_search.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to inject arbitrary web script or HTML via the manuals_search parameter.
CVE-2008-6756
Gentoo, Zoneminder
App-crypt_pinentry, Cman, Dev-python-flower, Fence, File, Gentoo_linux, Glibc, Libsndfile, Linux_eix, Linux_webapp-config
2017-08-17
N/A
N/A
ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.
CVE-2008-6755
Redhat, Zoneminder
Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform
2017-08-17
N/A
N/A
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
CVE-2008-6754
Jelsoft, Mephisteus
Impex, Oscmax, Vbsupport_integrated_ticket_system, Vbug_tracker, The_personal_sticky_threads
2018-10-11
N/A
N/A
The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote authenticated users to read the title, author, and pages of an arbitrary thread by toggling a personal sticky.
CVE-2008-6753
Silverstripe
Asset_admin, Assets, Graphql, Mimevalidator, Recipe, Registry, Restfulserver, Silverstripe-omnipay, Subsites
2017-08-17
N/A
N/A
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
CVE-2008-6752
Revou
Micro_blogging_twitter_clone, Tclone
2017-09-29
N/A
N/A
adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.
CVE-2008-6751
Revou, Tclone
Micro_blogging_twitter_clone, Tclone
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo.
CVE-2008-6750
China-on-site
Flexcustomer0.0.6, Flexphpdirectory, Flexphpic, Flexphplink, Flexphpnews, Flexphpsite
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/.
CVE-2008-6749
China-on-site
Flexcustomer0.0.6, Flexphpdirectory, Flexphpic, Flexphplink, Flexphpnews, Flexphpsite
2017-09-29
N/A
N/A
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
CVE-2008-6748
Megacubo
2018-10-11
N/A
N/A
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
« Previous 1 … 55 56 57 58 59 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE