• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-6737
Crysis, Ea
Battlefield_2, Battlefield_2142, Crysis, Karotz_smart_rabbit, Karotz_smart_rabbit_firmware, Need_for_speed_network, Origin, Origin_client
2017-08-17
N/A
N/A
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
CVE-2008-6736
Circulargenius
Flat_calendar
2018-10-11
N/A
N/A
Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
CVE-2008-6735
Thaiquickcart
2017-09-29
N/A
N/A
Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.
CVE-2008-6734
Keller Web Admin
Kwa
2017-09-29
N/A
N/A
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
CVE-2008-6733
Dotnetnuke
Dotnetnuke_iframe
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter.
CVE-2008-6732
Dotnetnuke
Dotnetnuke_iframe
2017-08-17
N/A
N/A
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."
CVE-2008-6731
China-on-site
Flexcustomer0.0.6, Flexphpdirectory, Flexphpic, Flexphplink, Flexphpnews, Flexphpsite
2017-09-29
N/A
N/A
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
CVE-2008-6730
China-on-site
Flexcustomer0.0.6, Flexphpdirectory, Flexphpic, Flexphplink, Flexphpnews, Flexphpsite
2017-09-29
N/A
N/A
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
CVE-2008-6729
Phpmotion
2017-09-29
N/A
N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.
CVE-2008-6728
Php-nuke, Phpnuke
Advanced_classified_module, Autohtml_module, Current_issue_module, Downloads_module, Downloadsplus_module, Eboard_module, Emporium_module, Ev, Hadith_module, Iframe_module, 4nchat, 4ndvddb, Book, Easycontent_module, Kose_yazilari_module, Kutubisitte_component, Myheadlines, Nukestyles_viewpage_module, Okul_module, Php-nuke
2018-10-11
N/A
N/A
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
« Previous 1 … 57 58 59 60 61 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE