Blog

CVE-2008-6359

Cross-site scripting (XSS) vulnerability in index.php in Max’s Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters. (CVSS:4.3) (Last Update:2018-01-10)


March 2, 2009 0

CVE-2008-6282

SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. (CVSS:6.5) (Last Update:201…


February 25, 2009 0

CVE-2008-6264

SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. (CVSS:7.5) (Last Update:2017-09-28)


February 24, 2009 0

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. (CVSS:6.8) (Last Update:2017-09-28)


February 13, 2009 0

CVE-2009-0534

SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter. (CVSS:7.5) (Last Update:2017-08-07)


February 11, 2009 0

CVE-2009-0526

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI. (CVSS:4.3) (Last Update:2017-08-07)


February 11, 2009 0

CVE-2009-0531

SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. (CVSS:7.5) (Last Update:2017-08-07)


February 11, 2009 0

CVE-2009-0527

PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. (CVSS:6.8) (Last Update:2017-08-07)


February 11, 2009 0

CVE-2009-0443

Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows remote attackers to execute arbitrary code via an M3U file containing a long string in a URL. (CVSS:9.3) (Last Update:2013-08-31)


February 10, 2009 0

CVE-2009-0454

Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue. (CVSS:7…


February 10, 2009 0