Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-22 | CVE-2008-4645 | Code Injection vulnerability in PHPwebgallery: plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function. | 9.0 |
2008-10-22 | CVE-2008-4644 | Permissions, Privileges, and Access Controls vulnerability in Mywebland Mystats: hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modified X-Forwarded-For HTTP header. | 7.5 |
2008-10-22 | CVE-2008-4643 | SQL Injection vulnerability in Mywebland Mystats: SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 7.5 |
2008-10-21 | CVE-2008-4642 | SQL Injection vulnerability in Astrospaces 1.1.1: SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. | 7.5 |
2008-10-21 | CVE-2008-4641 | Improper Input Validation vulnerability in Sentex Jhead: The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | 10.0 |
2008-10-21 | CVE-2008-4640 | Improper Input Validation vulnerability in Sentex Jhead: The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. | 3.6 |
2008-10-21 | CVE-2008-4639 | Unspecified vulnerability in Sentex Jhead: jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | 4.6 |
2008-10-21 | CVE-2008-4638 | Information Exposure vulnerability in Symantec Veritas File System 5.0/Unknown: qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | 4.6 |
2008-10-21 | CVE-2008-4637 | Cross-Site Scripting vulnerability in Cpcommerce: Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. | 4.3 |
2008-10-21 | CVE-2008-4121 | Cross-Site Scripting vulnerability in Cpcommerce: Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to sendtofriend.php. | 4.3 |