adaptcms -- adaptcms |
SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. |
2008-10-09 | 7.5 | CVE-2008-4524 CONFIRM SECUNIA |
adobe -- flash_player |
Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, allows remote attackers to bypass the allowScriptAccess parameter setting via a crafted SWF file with unspecified "Filter evasion" manipulations. |
2008-10-06 | 9.3 | CVE-2008-3872 XF CONFIRM MISC |
ampjuke -- ampjuke |
SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action. |
2008-10-09 | 7.5 | CVE-2008-4525 BID SECUNIA MISC |
apache -- xerces-c++ |
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file. |
2008-10-07 | 7.8 | CVE-2008-4482 BID |
apple -- cups |
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. |
2008-10-10 | 10.0 | CVE-2008-3641 BID CONFIRM |
apple -- mac_os_x; apple -- mac_os_x_server |
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. |
2008-10-10 | 9.3 | CVE-2008-3642 BID APPLE |
apple -- mac_os_x; apple -- mac_os_x_server |
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." |
2008-10-10 | 7.8 | CVE-2008-3643 BID |
apple -- mac_os_x; apple -- mac_os_x_server |
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. |
2008-10-10 | 7.2 | CVE-2008-3645 BID |
apple -- mac_os_x; apple -- mac_os_x_server |
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment. |
2008-10-10 | 9.3 | CVE-2008-3647 BID APPLE |
apple -- mac_os_x; apple -- mac_os_x_server |
Integer signedness error in QuickLook in Mac OS X 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access. |
2008-10-10 | 10.0 | CVE-2008-4211 BID |
apple -- mac_os_x; apple -- mac_os_x_server |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. |
2008-10-10 | 10.0 | CVE-2008-4212 BID |
apple -- mac_os_x_server |
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. |
2008-10-10 | 7.5 | CVE-2008-4215 BID |
asicms -- asicms |
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/. |
2008-10-09 | 7.5 | CVE-2008-4529 BID MILW0RM |
atarone -- atarone |
Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
2008-10-07 | 10.0 | CVE-2008-4489 XF BID SECUNIA |
autodesk -- design_review; autodesk -- dwf_viewer; autodesk -- revit_architecture |
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method. |
2008-10-07 | 9.3 | CVE-2008-4471 BUGTRAQ MILW0RM FRSIRT SECUNIA MISC |
autodesk -- design_review; autodesk -- dwf_viewer; autodesk -- revit_architecture |
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method. |
2008-10-07 | 9.3 | CVE-2008-4472 BUGTRAQ MILW0RM FRSIRT MISC |
blue_coat_systems -- k9_web_protection |
Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript. |
2008-10-09 | 7.5 | CVE-2008-4515 XF BID FULLDISC MISC |
built2go -- real_estate_listings |
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. |
2008-10-08 | 7.5 | CVE-2008-4497 BID MILW0RM |
cambridge_computer_corporation -- vxftpsrv |
Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request. |
2008-10-06 | 9.0 | CVE-2008-4452 BID MILW0RM |
cisco -- unity |
Unspecified vulnerability in Cisco Unity 4.x before 4.0ES161, 5.x before 5.0ES53, and 7.x before 7.0ES8, when using anonymous authentication, allows remote attackers to bypass authentication and read or modify system configuration parameters via unknown vectors. |
2008-10-08 | 9.3 | CVE-2008-3814 CISCO |
condor_project -- condor |
Condor before 7.0.5 does not properly handle configurations that specify overlapping netmasks in allow or deny rules, which causes the rule to be ignored and allows attackers to bypass intended access restrictions. |
2008-10-08 | 7.2 | CVE-2008-3830 SECTRACK BID REDHAT REDHAT FRSIRT CONFIRM SECUNIA SECUNIA |
customcms -- ccms |
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php. |
2008-10-09 | 10.0 | CVE-2008-4526 BID MILW0RM |
datafeedfile -- dff_framework_api |
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. |
2008-10-08 | 10.0 | CVE-2008-4502 MILW0RM |
debian -- xsabre |
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files. |
2008-10-03 | 7.2 | CVE-2008-4406 XF BID MLIST CONFIRM |
debian -- feta |
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on a temporary file. |
2008-10-03 | 7.2 | CVE-2008-4440 BID DEBIAN SECUNIA CONFIRM |
drupal -- brilliant_gallery |
SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. |
2008-10-09 | 7.5 | CVE-2008-4531 XF BID SECUNIA CONFIRM |
dspicture -- light_imaging_toolkit; dspicture -- pro_imaging_sdk |
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allow remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. |
2008-10-06 | 9.3 | CVE-2008-4453 BID |
e-php_scripts -- b2b_trading_marketplace_script |
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action. |
2008-10-06 | 7.5 | CVE-2008-4458 BID SECUNIA MISC |
ec-cube -- ec-cube |
SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
2008-10-10 | 7.5 | CVE-2008-4534 CONFIRM |
eset_software -- system_analyzer_tool |
The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain IOCTL request to \Device\esiasdrv that overwrites a pointer. |
2008-10-06 | 7.2 | CVE-2008-4451 BID MISC MILW0RM |
extrovert_software -- thyme |
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information. |
2008-10-06 | 7.5 | CVE-2008-4459 BID MISC SECUNIA |
fastpublish -- fastpublish_cms |
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php. |
2008-10-09 | 7.5 | CVE-2008-4518 BID MILW0RM SECUNIA |
fastpublish -- fastpublish_cms |
Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php. |
2008-10-09 | 7.5 | CVE-2008-4519 BID MILW0RM SECUNIA |
force10 -- ftos; freebsd -- freebsd; juniper -- jnos; netbsd -- netbsd; openbsd -- openbsd; windriver -- vxworks |
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forwarding Information Base (FIB). |
2008-10-03 | 9.3 | CVE-2008-2476 CONFIRM CONFIRM CERT-VN MISC XF BID OPENBSD OPENBSD FRSIRT FRSIRT FRSIRT SECTRACK FREEBSD SECUNIA SECUNIA SECUNIA |
foss_gallery -- foss_gallery |
Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. |
2008-10-09 | 10.0 | CVE-2008-4509 XF BID MILW0RM MILW0RM MILW0RM |
freeradius -- freeradius |
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct. |
2008-10-07 | 7.2 | CVE-2008-4474 BID MISC SECUNIA MLIST CONFIRM |
galerie -- galerie |
SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter. |
2008-10-09 | 7.5 | CVE-2008-4516 XF BID MILW0RM |
geccbblite -- geccbblite |
SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
2008-10-09 | 7.5 | CVE-2008-4517 BID MILW0RM |
gnu -- ibackup |
ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. |
2008-10-07 | 7.2 | CVE-2008-4475 MLIST MISC CONFIRM |
hammer-software -- metagauge |
Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38, allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the URL. |
2008-10-07 | 7.8 | CVE-2008-4421 BID |
hp -- oncplus |
Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on HP-UX B.11.31 allows remote attackers to cause a denial of service via unknown attack vectors. |
2008-10-07 | 7.8 | CVE-2008-3543 HP |
ibm -- lotus_quickr |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability. |
2008-10-09 | 7.8 | CVE-2008-4505 XF BID FRSIRT CONFIRM SECUNIA |
ibm -- lotus_quickr |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. |
2008-10-09 | 7.5 | CVE-2008-4506 XF BID FRSIRT CONFIRM SECUNIA |
ibm -- lotus_quickr |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors. |
2008-10-09 | 7.5 | CVE-2008-4507 XF BID FRSIRT CONFIRM SECUNIA |
ip_reg -- ip_reg |
SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter. |
2008-10-09 | 7.5 | CVE-2008-4523 XF BID MILW0RM |
iseemedia -- lpviewer; mgi_software -- lpviewer; roxio -- lpviewer |
Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods. |
2008-10-07 | 9.3 | CVE-2008-4384 CERT-VN XF BID FRSIRT SECUNIA |
jesse-web -- jmweb_mp3_music_audio_search_and_download_script |
Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php. |
2008-10-09 | 7.5 | CVE-2008-4522 BID MILW0RM SECUNIA |
jim_trocki -- mon |
alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attack on the test.alert.log temporary file. |
2008-10-07 | 7.2 | CVE-2008-4477 MLIST CONFIRM |
libvirt -- libvirt |
libvirt 0.3.3 relies on files located under subdirectories of /local/domain in xenstore despite lack of protection against modification by Xen guest virtual machines, which allows guest OS users to have an unspecified impact, as demonstrated by writing to (1) the text console (console/tty) or (2) the VNC port for the graphical framebuffer. |
2008-10-03 | 7.2 | CVE-2008-4405 CONFIRM MISC CONFIRM SECTRACK FRSIRT SECUNIA MLIST MLIST MLIST |
lighttpd -- lighttpd |
lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data. |
2008-10-03 | 7.5 | CVE-2008-4359 CONFIRM |
lighttpd -- lighttpd |
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files. |
2008-10-03 | 7.8 | CVE-2008-4360 CONFIRM CONFIRM CONFIRM |
mirc -- mirc |
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message. |
2008-10-06 | 9.3 | CVE-2008-4449 XF BID MILW0RM MILW0RM FRSIRT SECUNIA |
numark -- cue |
Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname. |
2008-10-06 | 9.3 | CVE-2008-4470 XF BID MILW0RM FRSIRT |
phlatline -- personal_information_manager |
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action. |
2008-10-09 | 7.5 | CVE-2008-4528 BID MILW0RM |
php-fusion -- world_of_warcraft_tracker_infusion_module |
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. |
2008-10-09 | 7.5 | CVE-2008-4521 BID MILW0RM |
php-fusion -- recepies_module |
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. |
2008-10-09 | 7.5 | CVE-2008-4527 BID MILW0RM SECUNIA |
php_web_explorer -- php_web_explorer_lite |
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php. |
2008-10-08 | 9.3 | CVE-2008-4499 XF BID BUGTRAQ |
phpautos -- phpautos |
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
2008-10-08 | 7.5 | CVE-2008-4498 BID MILW0RM SECUNIA |
rmsoft -- minishop_module |
SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter. |
2008-10-03 | 7.5 | CVE-2008-4433 MISC |
select_development_solutions -- php_auto_dealer |
SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. |
2008-10-08 | 7.5 | CVE-2008-4495 MILW0RM SECUNIA |
select_development_solutions -- php_realtor |
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. |
2008-10-08 | 7.5 | CVE-2008-4496 MILW0RM SECUNIA |
serv-u -- serv-u_file_server |
Directory traversal vulnerability in the FTP server in Serv-U 7.3, and 7.2.0.1 and earlier, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. |
2008-10-08 | 9.0 | CVE-2008-4501 FRSIRT |
sympa -- sympa |
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability. |
2008-10-07 | 7.2 | CVE-2008-4476 MLIST CONFIRM |
tonec_inc. -- internet_download_manager |
Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210. |
2008-10-09 | 7.8 | CVE-2008-4508 XF BID MISC |
torrenttrader -- torrenttrader |
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
2008-10-08 | 7.5 | CVE-2008-4494 BID MILW0RM SECUNIA |
trend_micro -- officescan |
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors. |
2008-10-03 | 10.0 | CVE-2008-4402 BID |
v-webmail -- v-webmail |
SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter. |
2008-10-07 | 7.5 | CVE-2008-3063 OSVDB MISC |
vastal_i-tech -- mmorpg_zone |
SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter. |
2008-10-06 | 7.5 | CVE-2008-4460 XF BID MILW0RM |
vastal_i-tech -- dating_zone |
SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter. |
2008-10-06 | 7.5 | CVE-2008-4461 XF BID MILW0RM |
vastal_i-tech -- visa_zone |
SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
2008-10-06 | 7.5 | CVE-2008-4462 XF BID MILW0RM |
vastal_i-tech -- jobs_zone |
SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
2008-10-06 | 7.5 | CVE-2008-4463 XF BID MILW0RM |
vastal_i-tech -- mag_zone |
SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
2008-10-06 | 7.5 | CVE-2008-4464 XF BID MILW0RM |
vastal_i-tech -- dvd_zone |
SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
2008-10-06 | 7.5 | CVE-2008-4465 XF BID MILW0RM |
vastal_i-tech -- cosmetics_zone |
SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
2008-10-06 | 7.5 | CVE-2008-4466 XF BID MILW0RM SECUNIA |
vastal_i-tech -- toner_cart |
SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. |
2008-10-06 | 7.5 | CVE-2008-4467 XF BID MILW0RM |
vastal_i-tech -- share_zone |
SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter. |
2008-10-06 | 7.5 | CVE-2008-4468 XF BID MILW0RM |
vastal_i-tech -- freelance_zone |
SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. |
2008-10-06 | 7.5 | CVE-2008-4469 XF BID MILW0RM |
yerba -- yerba |
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. |
2008-10-07 | 10.0 | CVE-2008-4486 BID BUGTRAQ MILW0RM FRSIRT |
yourownbux -- yourownbux |
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie. |
2008-10-08 | 7.5 | CVE-2008-4492 BID MILW0RM |