CVE-ID |
Description |
CVSS-Score |
|
|
V2 |
V3 |
CVE-2008-6109 |
Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not properly enforce the privileges of user accounts, which allows local users to bypass intended access restrictions by (1) opening unspecified screens,...
|
4.6 |
None |
CVE-2008-6108 |
Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.
|
4.3 |
None |
CVE-2008-6107 |
The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the L...
|
4.9 |
None |
CVE-2008-6106 |
Cross-site request forgery (CSRF) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x has unknown impact and remote attack vectors. NOTE: some of these det...
|
6.8 |
None |
CVE-2008-6105 |
Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecifie...
|
4.3 |
None |
CVE-2008-6104 |
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.
|
7.5 |
None |
CVE-2008-6103 |
PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter.
|
6.8 |
None |
CVE-2008-6102 |
SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
|
7.5 |
None |
CVE-2008-6101 |
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
|
7.5 |
None |
CVE-2008-6100 |
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php...
|
6.8 |
None |
CVE-2008-6099 |
PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter.
|
7.5 |
None |
CVE-2008-6098 |
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct r...
|
4.0 |
None |
CVE-2008-6097 |
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum par...
|
4.3 |
None |
CVE-2008-6096 |
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface l...
|
4.3 |
None |
CVE-2008-6095 |
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.
|
4.3 |
None |
CVE-2008-6094 |
Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter.
|
4.3 |
None |
CVE-2008-6093 |
SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2)...
|
6.8 |
None |
CVE-2008-6092 |
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie.
|
7.5 |
None |
CVE-2008-6091 |
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter.
|
6.8 |
None |
CVE-2008-6090 |
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action.
|
4.3 |
None |