Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-09 | CVE-2008-4503 | Clickjacking vulnerability in RETIRED: Adobe Flash Player The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." network adobe | 6.8 |
| 2008-10-09 | CVE-2008-4502 | Code Injection vulnerability in Datafeedfile DFF Framework API Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. | 10.0 |
| 2008-10-09 | CVE-2008-4501 | Path Traversal vulnerability in Solarwinds Serv-U File Server Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command. | 9.0 |
| 2008-10-09 | CVE-2008-4500 | Improper Input Validation vulnerability in Solarwinds Serv-U File Server Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted stou command, probably related to MS-DOS device names, as demonstrated using "con:1". | 4.0 |
| 2008-10-09 | CVE-2008-4499 | Path Traversal vulnerability in PHP web Explorer PHP web Explorer Lite 0.99A Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. | 9.3 |
| 2008-10-09 | CVE-2008-4498 | SQL Injection vulnerability in PHPautos 2.9.1 SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
| 2008-10-09 | CVE-2008-4497 | SQL Injection vulnerability in Built2Go Real Estate Listings 1.5 SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | 7.5 |
| 2008-10-09 | CVE-2008-4496 | SQL Injection vulnerability in Select Development Solutions PHP Realtor 1.5 SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | 7.5 |
| 2008-10-09 | CVE-2008-4495 | SQL Injection vulnerability in Select Development Solutions PHP Auto Dealer 2.7 SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | 7.5 |
| 2008-10-09 | CVE-2008-4494 | SQL Injection vulnerability in Torrenttrader 1.04 SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |