| Max CVSS | 9.3 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-1997 | 9.0 |
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE
|
17-01-2023 - 17:19 | 28-04-2008 - 20:05 | |
| CVE-2008-1998 | 8.5 |
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
|
31-10-2018 - 19:07 | 28-04-2008 - 20:05 | |
| CVE-2006-0480 | 4.3 |
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
|
19-10-2018 - 15:45 | 31-01-2006 - 11:03 | |
| CVE-2006-4142 | 7.5 |
SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter.
|
17-10-2018 - 21:33 | 14-08-2006 - 23:04 | |
| CVE-2007-1328 | 4.3 |
Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.
|
16-10-2018 - 16:37 | 07-03-2007 - 21:19 | |
| CVE-2007-6091 | 7.5 |
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Logi
|
15-10-2018 - 21:49 | 22-11-2007 - 00:46 | |
| CVE-2008-2066 | 4.3 |
Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 ar
|
11-10-2018 - 20:39 | 02-05-2008 - 23:20 | |
| CVE-2008-2067 | 7.5 |
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
|
11-10-2018 - 20:39 | 02-05-2008 - 23:20 | |
| CVE-2008-2069 | 9.3 |
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
|
11-10-2018 - 20:39 | 02-05-2008 - 23:20 | |
| CVE-2008-1990 | 7.5 |
Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.
|
11-10-2018 - 20:38 | 27-04-2008 - 21:05 | |
| CVE-2008-1991 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
|
11-10-2018 - 20:38 | 27-04-2008 - 21:05 | |
| CVE-2008-2045 | 5.0 |
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache f
|
11-10-2018 - 20:38 | 01-05-2008 - 19:05 | |
| CVE-2008-2008 | 9.3 |
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
|
11-10-2018 - 20:38 | 29-04-2008 - 13:09 | |
| CVE-2008-1992 | 7.5 |
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromNam
|
11-10-2018 - 20:38 | 27-04-2008 - 21:05 | |
| CVE-2008-2036 | 7.5 |
SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action.
|
11-10-2018 - 20:38 | 30-04-2008 - 16:17 | |
| CVE-2008-2044 | 7.5 |
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this varia
|
11-10-2018 - 20:38 | 01-05-2008 - 19:05 | |
| CVE-2008-1993 | 7.5 |
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.
|
11-10-2018 - 20:38 | 27-04-2008 - 21:05 | |
| CVE-2008-2026 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE
|
11-10-2018 - 20:38 | 30-04-2008 - 14:10 | |
| CVE-2008-4521 | 7.5 |
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.
|
29-09-2017 - 01:32 | 09-10-2008 - 18:14 | |
| CVE-2011-3487 | 5.0 |
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
|
16-09-2017 - 01:29 | 16-09-2011 - 14:28 |