Vulnerabilities > Preprojects
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-03 | CVE-2008-6887 | SQL Injection vulnerability in Preprojects PRE Classified Listings 1.0 SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter. | 7.5 |
| 2009-05-07 | CVE-2008-6798 | SQL Injection vulnerability in Preprojects PRE Real Estate Listings Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field). | 7.5 |
| 2009-05-07 | CVE-2008-6796 | SQL Injection vulnerability in Preprojects PRE Real Estate Listings SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field). | 7.5 |
| 2009-04-13 | CVE-2008-6716 | Improper Authentication vulnerability in Preprojects PRE ADS Portal homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not require administrative authentication, which allows remote attackers to have an unspecified impact via a direct request. | 7.5 |
| 2009-04-13 | CVE-2008-6715 | Cross-Site Scripting vulnerability in Preprojects PRE ADS Portal Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php. | 4.3 |
| 2009-02-20 | CVE-2008-6232 | Credentials Management vulnerability in Preprojects PRE Shopping Mall Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | 7.5 |
| 2009-02-20 | CVE-2008-6231 | Credentials Management vulnerability in Preprojects PRE Classified Listings Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | 7.5 |
| 2009-02-20 | CVE-2008-6230 | SQL Injection vulnerability in Preprojects PRE Podcast Portal SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2009-02-04 | CVE-2008-6055 | Permissions, Privileges, and Access Controls vulnerability in Preprojects PRE Classified Listings PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | 5.0 |
| 2009-02-04 | CVE-2008-6053 | Permissions, Privileges, and Access Controls vulnerability in Preprojects PRE Resume Submitter PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. | 5.0 |