Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2008-4088

больше 17 лет назад

SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-4087

больше 17 лет назад

Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2008-4086

больше 17 лет назад

SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-4085

больше 17 лет назад

plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.

CVSS2: 4.4
EPSS: Низкий
nvd логотип

CVE-2008-4084

больше 17 лет назад

SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2008-4083

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2008-4082

больше 17 лет назад

SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.

CVSS2: 4.6
EPSS: Низкий
nvd логотип

CVE-2008-4081

больше 17 лет назад

admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-4080

больше 17 лет назад

SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2008-4079

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-4078

больше 17 лет назад

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2008-4077

больше 17 лет назад

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2008-4076

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-4075

больше 17 лет назад

Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2008-4074

больше 17 лет назад

SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-4073

больше 17 лет назад

SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-4072

больше 17 лет назад

Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-4071

больше 17 лет назад

A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2008-4070

больше 17 лет назад

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2008-4069

больше 17 лет назад

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2008-4088

SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4087

Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field.

CVSS2: 6.8
4%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4086

SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4085

plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.

CVSS2: 4.4
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4084

SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.

CVSS2: 6.8
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4083

Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.

CVSS2: 3.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4082

SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.

CVSS2: 4.6
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4081

admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie.

CVSS2: 7.5
2%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4080

SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information.

CVSS2: 6.8
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4079

Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS2: 6.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4077

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

CVSS2: 7.8
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4076

Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.

CVSS2: 4.3
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4075

Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter.

CVSS2: 6.8
3%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4074

SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4073

SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4072

Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4071

A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.

CVSS2: 5
6%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4070

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."

CVSS2: 10
3%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-4069

The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.

CVSS2: 5
1%
Низкий
больше 17 лет назад

Уязвимостей на страницу