Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-30 | CVE-2008-4356 | SQL Injection vulnerability in Kasseler-Cms Kasseler CMS 1.1.0/1.2.0 Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module. | 7.5 |
| 2008-09-30 | CVE-2008-4355 | SQL Injection vulnerability in Powie Pforum 1.30 SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-09-30 | CVE-2008-4354 | SQL Injection vulnerability in NET ART Media Iboutique 4.0 SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. | 7.5 |
| 2008-09-30 | CVE-2008-4353 | SQL Injection vulnerability in Linkarity SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
| 2008-09-30 | CVE-2008-4352 | SQL Injection vulnerability in PHPsmartcom 0.2 SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php. | 7.5 |
| 2008-09-30 | CVE-2008-4351 | Path Traversal vulnerability in PHPsmartcom 0.2 Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. | 7.5 |
| 2008-09-30 | CVE-2008-4350 | SQL Injection vulnerability in Vblogix Tutorial Script SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | 7.5 |
| 2008-09-30 | CVE-2008-4349 | Cross-Site Scripting vulnerability in S0Nic Paranews 3.4 Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) page parameter in a details action. | 4.3 |
| 2008-09-30 | CVE-2008-4348 | SQL Injection vulnerability in Outshine PHPortfolio 1.3 SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-09-30 | CVE-2008-4347 | SQL Injection vulnerability in Powie Pnews 2.03 SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 7.5 |