Vulnerabilities > Preproject
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-10-09 | CVE-2010-4959 | SQL Injection vulnerability in Preproject PRE Podcast Portal SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2009-07-02 | CVE-2008-6847 | Cross-Site Scripting vulnerability in Preproject PRE ASP JOB Board Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-02-27 | CVE-2008-6329 | SQL Injection vulnerability in Preproject PRE ASP JOB Board SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. | 7.5 |
2009-02-20 | CVE-2008-6228 | Credentials Management vulnerability in Preproject PRE Multi-Vendor Shopping Malls Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | 7.5 |
2009-02-20 | CVE-2008-6227 | SQL Injection vulnerability in Preproject PRE Multi-Vendor Shopping Malls SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters. | 7.5 |
2009-02-20 | CVE-2008-6226 | SQL Injection vulnerability in Preproject PHP Auto Listings Script NIL SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter. | 6.8 |
2008-11-13 | CVE-2008-5058 | SQL Injection vulnerability in Preproject PRE Simple CMS SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. | 7.5 |
2008-07-25 | CVE-2008-3310 | SQL Injection vulnerability in Preproject PRE Survey Poll SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |