• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2008-6667
Marc Melvin
A+_php_scripts_news_management_system
2017-09-29
N/A
N/A
A+ PHP Scripts News Management System (NMS) allows remote attackers to bypass authentication and gain administrator privileges by setting the mobsuser and mobspass cookies to 1.
CVE-2008-6666
Kronos
Kronos_webta, Web_time_and_attendance
2018-10-11
N/A
N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown.
CVE-2008-6665
Anantasoft
Ananta_cms, Ananta_gazelle, Gazelle_cms
2017-09-29
N/A
N/A
change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.
CVE-2008-6664
Yarck
Sh-news
2017-09-29
N/A
N/A
action.php in SH-News 3.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the shuser and shpass cookies to non-zero values.
CVE-2008-6663
Phpauctions
Phpauction_gpl_enhanced
2017-09-29
N/A
N/A
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
CVE-2008-6662
Avg, Linux
Anti-virus, Anti-virus_plus_firewall, Antivirus_plus_firewall, Avg_anti-virus, Ewido_security_suite, Identity_protection, Protection, Safeguard, Secure_browser, Secure_search_toolbar, Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2017-08-17
N/A
N/A
AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via a malformed UPX compressed file, which triggers memory corruption.
CVE-2008-6661
Bitdefender, Linux
Box_firmware, Box, Antivirus_plus, Endpoint_security_tool, Internet_security, Total_security, Box_2_firmware, Box_2, Antimalware_software_development_kit, Bitdefender_antivirus, Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2017-08-17
N/A
N/A
Multiple integer overflows in the scanning engine in Bitdefender for Linux 7.60825 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed (1) NeoLite and (2) ASProtect packed PE file.
CVE-2008-6660
Bigdump, Ozerov
Bigdump
2018-10-11
N/A
N/A
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
CVE-2008-6659
Simple Machines
Opencart, Phpraider, Simple_machines_forum, Simple_machines_smf, Smf, Smf_shoutbox
2017-09-29
N/A
N/A
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
CVE-2008-6658
Simple Machines
Opencart, Phpraider, Simple_machines_forum, Simple_machines_smf, Smf, Smf_shoutbox
2017-09-29
N/A
N/A
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
« Previous 1 … 64 65 66 67 68 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE