Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2008-10-07 | CVE-2008-4462 | SQL Injection vulnerability in Vastal I-Tech Visa Zone | 7.5
SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
network, low complexity, vastal-i-tech, CWE-89

2008-10-07 | CVE-2008-4461 | SQL Injection vulnerability in Vastal I-Tech Dating Zone 0.9.9 | 7.5
SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter.
network, low complexity, vastal-i-tech, CWE-89

2008-10-07 | CVE-2008-4460 | SQL Injection vulnerability in Vastal I-Tech Mmorpg Zone | 7.5
SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter.
network, low complexity, vastal-i-tech, CWE-89

2008-10-07 | CVE-2008-4459 | SQL Injection vulnerability in Extrovert Software Thyme 1.3 | 7.5
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter.
network, low complexity, extrovert-software, CWE-89

2008-10-07 | CVE-2008-4458 | SQL Injection vulnerability in E-PHP Scripts B2B Trading Marketplace Script | 7.5
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.
network, low complexity, e-php-scripts, CWE-89

2008-10-07 | CVE-2008-4457 | SQL Injection vulnerability in Memht Portal | 6.8
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
network, memht, CWE-89

2008-10-06 | CVE-2008-4456 | Cross-Site Scripting vulnerability in multiple products | 2.6
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document.
network, high complexity, mysql, oracle, CWE-79

2008-10-06 | CVE-2008-4455 | Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5 | 6.8
Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a ..

2008-10-06 | CVE-2008-4454 | Path Traversal vulnerability in Mysql Quick Admin Mysql Quick Admin 1.5.5 | 6.8
Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to read and execute arbitrary files via a ..

2008-10-06 | CVE-2008-4453 | Permissions, Privileges, and Access Controls vulnerability in Dspicture Light Imaging Toolkit and PRO Imaging SDK | 9.3
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method.
network, dspicture, CWE-264, critical