Blog

CVE-2008-5063

PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter. (CVSS:10.0) (Last Update:2017-09-28)


November 13, 2008

CVE-2008-4037

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as de…


November 12, 2008

CVE-2008-2992

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008…


November 4, 2008

CVE-2008-4885

SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. (CVSS:7.5) (Last Update:2013-07-11)


November 3, 2008

CVE-2008-4897

SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter. (CVSS:6.8) (Last Update:2017-09-28)


November 3, 2008

CVE-2008-4751

Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597. (CVSS:4.3) (Last Update:2018-10-11)


October 27, 2008

CVE-2008-4765

SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so …


October 27, 2008

CVE-2008-4653

SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party informa…


October 21, 2008

CVE-2008-4652

Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property. (CVSS:9.3) (Last Update:2012-10-04)


October 21, 2008

CVE-2008-4627

SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php. (CVSS:7.5) (Last Update:2012-10-29)


October 20, 2008