Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-18 | CVE-2008-4605 | SQL Injection vulnerability in Cafeengine Easycafeengine 1.1 SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php. | 7.5 |
| 2008-10-18 | CVE-2008-4604 | SQL Injection vulnerability in Cafeengine Easycafeengine 1.1 SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | 7.5 |
| 2008-10-18 | CVE-2008-4603 | SQL Injection vulnerability in Igaming CMS 2.0 SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action. | 7.5 |
| 2008-10-18 | CVE-2008-4602 | Path Traversal vulnerability in Qualityunit Post Affiliate PRO 2.0 Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. | 6.5 |
| 2008-10-18 | CVE-2008-4601 | Cross-Site Scripting vulnerability in Habari CMS 0.5.1 Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. | 4.3 |
| 2008-10-18 | CVE-2008-4600 | Permissions, Privileges, and Access Controls vulnerability in Steve Dawson Pokermax Poker League Tournament Script 0.13 configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie. | 7.5 |
| 2008-10-18 | CVE-2008-4599 | SQL Injection vulnerability in Mosaic Commerce Mosaic Commerce SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2008-10-17 | CVE-2008-4598 | Cross-Site Scripting vulnerability in Drupal Shindig-Integrator 5 Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597. | 7.5 |
| 2008-10-17 | CVE-2008-4597 | Permissions, Privileges, and Access Controls vulnerability in Drupal Shindig-Integrator 5 Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | 7.5 |
| 2008-10-17 | CVE-2008-4596 | Cross-Site Scripting vulnerability in Drupal Shindig-Integrator 5 Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages. | 4.3 |