CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) 2.2.2, 2.2.1, and earlier 2.x versions allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415.
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.
Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are obtained from third party information.
Products: Business_survey_pro, Entertainment_portal, Local_classifieds, Text_link_sales, Web_hosting_directory, Yahoo-answers-clone | Updated: 2017-09-29 | CVSS v2: N/A | CVSS v3: N/A
TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator.
Products: Access_manager_identity_server, Apache_http_server, Bordermanager, Challenge_response_client, Client_firewall, Client_login_extension_(cle), Cloud_manager, Data_synchronizer, Edirectory, Emframe | Updated: 2009-04-29 | CVSS v2: N/A | CVSS v3: N/A
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
Products: Aj_article, Aj_auction_pro-oopd, Aj_classifieds, Aj_hyip, Aj_matrix_dna, Aj_shopping_cart, Free_polling_script, Zeuscart | Updated: 2017-09-29 | CVSS v2: N/A | CVSS v3: N/A
SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field).
Updated: 2017-09-29 | CVSS v2: N/A | CVSS v3: N/A
SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field).
U&M Software Event Lister (aka JustListIt) 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) start.php, (2) aktivitet.php, (3) prop_aktivitet.php, (4) kategorier.php, (5) konfig.php, (6) security.php, (7) manual.php, and possibly (8) index.php.
U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php.