Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-30 | CVE-2008-4334 | Permissions, Privileges, and Access Controls vulnerability in Cannot PHP Infoboard V.7: PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1. | 7.5 |
2008-09-30 | CVE-2008-4333 | Cross-Site Scripting vulnerability in Cannot PHP Infoboard V.7: Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action. | 4.3 |
2008-09-30 | CVE-2008-4332 | SQL Injection vulnerability in Cannot PHP Infoboard V.7: SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php. | 7.5 |
2008-09-30 | CVE-2008-4331 | Path Traversal vulnerability in PHPocs 0.1: Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-09-30 | CVE-2008-4330 | Path Traversal vulnerability in Lansuite 3.3.2: Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2008-09-30 | CVE-2008-4329 | Improper Input Validation vulnerability in Openengine: PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter. | 10.0 |
2008-09-30 | CVE-2008-4328 | SQL Injection vulnerability in Easyrealtorpro 2008: SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | 7.5 |
2008-09-30 | CVE-2008-4094 | SQL Injection vulnerability in Rubyonrails Rails and Ruby on Rails: Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. | 7.5 |
2008-09-30 | CVE-2008-4327 | Numeric Errors vulnerability in Microsoft Windows XP: gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a certain crash.ico file on a web site, and allows user-assisted attackers to cause a denial of service (divide-by-zero error and persistent application crash) via this crash.ico file on the desktop, a different vulnerability than CVE-2007-2237. | 4.3 |
2008-09-30 | CVE-2008-4326 | Cross-Site Scripting vulnerability in PHPmyadmin: The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. | 4.3 |