Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-21 | CVE-2008-4627 | SQL Injection vulnerability in Rgallery Plugin 1.09 SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php. | 7.5 |
| 2008-10-21 | CVE-2008-4626 | Path Traversal vulnerability in Zirkon BOX Yappa-Ng 2.3.2 Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2008-10-21 | CVE-2008-4625 | SQL Injection vulnerability in Shiftthis Shifthis Newsletter SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683. | 7.5 |
| 2008-10-21 | CVE-2008-4624 | Code Injection vulnerability in Ftrsoft Fast Click SQL Lite 1.1.7 PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter. | 9.3 |
| 2008-10-21 | CVE-2008-4623 | SQL Injection vulnerability in Martin Diphoorn COM Ds-Syndicate 1.1.1 SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php. | 7.5 |
| 2008-10-21 | CVE-2008-4622 | Improper Authentication vulnerability in PHPfastnews 1.0.0 The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. | 7.5 |
| 2008-10-21 | CVE-2008-4621 | SQL Injection vulnerability in Zeescripts Zeeproperty SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter. | 7.5 |
| 2008-10-21 | CVE-2008-4620 | SQL Injection vulnerability in Mrbs SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php. | 7.5 |
| 2008-10-21 | CVE-2008-1547 | Open Redirect vulnerability in Microsoft Exchange Server 2003 Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | 4.3 |
| 2008-10-21 | CVE-2008-4619 | Unspecified vulnerability in SUN Sunos 5.9 The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. | 10.0 |