Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2010-04-13	CVE-2010-1371	Cross-Site Scripting vulnerability in Preprojects PRE Classified Listings ASP Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter. network preprojects CWE-79	4.3
2009-08-24	CVE-2008-7052	Improper Input Validation vulnerability in Preprojects PRE Real Estate Listings Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. network low complexity preprojects CWE-20	6.5
2009-08-03	CVE-2008-6888	Cross-Site Scripting vulnerability in Preprojects PRE Classified Listings 1.0 Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter. network preprojects CWE-79	4.3
2009-04-13	CVE-2008-6715	Cross-Site Scripting vulnerability in Preprojects PRE ADS Portal Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php. network preprojects CWE-79	4.3
2009-02-04	CVE-2008-6055	Permissions, Privileges, and Access Controls vulnerability in Preprojects PRE Classified Listings PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. network low complexity preprojects CWE-264	5.0
2009-02-04	CVE-2008-6053	Permissions, Privileges, and Access Controls vulnerability in Preprojects PRE Resume Submitter PreProjects Pre Resume Submitter stores onlineresume.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. network low complexity preprojects CWE-264	5.0
2009-02-04	CVE-2008-6052	Permissions, Privileges, and Access Controls vulnerability in Preprojects PRE E-Learning Portal PreProjects Pre E-Learning Portal stores db_elearning.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. network low complexity preprojects CWE-264	5.0
2009-01-27	CVE-2008-5976	Cross-Site Scripting vulnerability in Preprojects PHP Jobwebsite PRO Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field. network preprojects CWE-79	4.3
2008-06-30	CVE-2008-2916	SQL Injection vulnerability in Preprojects PRE ADS Portal Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php. network preprojects CWE-89	6.8