Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4090 | 1 Vikingboard | 1 Vikingboard | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2 might overlap CVE-2006-6283. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4087 | 1 Alstrasoft | 1 Video Share Enterprise | 2008-11-15 | 4.3 MEDIUM | N/A |
| AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php. | |||||
| CVE-2007-4086 | 1 Alstrasoft | 1 Video Share Enterprise | 2008-11-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php. | |||||
| CVE-2007-4084 | 1 Alstrasoft | 1 Affiliate Network Pro | 2008-11-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php. | |||||
| CVE-2007-4083 | 1 Alstrasoft | 1 Askme Pro | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php. | |||||
| CVE-2007-4082 | 1 Alstrasoft | 1 Article Manager Pro | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter. | |||||
| CVE-2007-4081 | 1 Alstrasoft | 1 Affiliate Network Pro | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1. | |||||
| CVE-2007-4080 | 1 Alstrasoft | 1 E-friends | 2008-11-15 | 6.4 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the p_id parameter in a people_card action. NOTE: this might overlap CVE-2006-2564. | |||||
| CVE-2007-4079 | 1 Alstrasoft | 1 Sms Text Messaging Enterprise | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS Text Messaging Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) q parameter to (a) admin/membersearch.php, or (3) the userid parameter to (b) admin/edituser.php. | |||||
| CVE-2007-4078 | 1 Alstrasoft | 1 Text Ads Enterprise | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text Ads Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) r parameter to (a) forgot_uid.php, the (2) query or (3) sk parameter to (b) search_results.php, or (4) the pageId parameter to (c) website_page.php. | |||||
| CVE-2007-4077 | 1 Alstrasoft | 1 Video Share Enterprise | 2008-11-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to inject arbitrary web script or HTML via the (1) msg, (2) page, (3) viewkey, or (4) viewtype parameter to (a) view_video.php; the (5) next parameter to (b) signup.php; the (6) search_id parameter to (c) search_result.php; the (7) category or (8) page parameter to (d) video.php; the (9) receiver parameter to (e) compose.php; the (10) catgy parameter to (f) groups.php; the (11) channelname parameter to (g) siteadmin/channels.php; or the (12) uname parameter to (h) siteadmin/muser.php. | |||||
| CVE-2007-4076 | 1 Asp Indir | 1 Alisveris Sitesi Script | 2008-11-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4075 | 1 Asp Indir | 1 Alisveris Sitesi Script | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-4052 | 1 Nukedit | 1 Nukedit | 2008-11-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in utilities/login.asp in nukedit 4.9.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3965 | 1 Ufmod | 1 Ufmod Xm Player Library | 2008-11-15 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments. | |||||
| CVE-2007-3964 | 1 Itaka | 1 Itaka | 2008-11-15 | 5.0 MEDIUM | N/A |
| Itaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot. | |||||
| CVE-2007-3961 | 1 Fsp | 1 C Library | 2008-11-15 | 5.0 MEDIUM | N/A |
| Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added. | |||||
| CVE-2007-3931 | 1 Samsung | 1 Scx-4200 Driver | 2008-11-15 | 4.4 MEDIUM | N/A |
| The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges. | |||||
| CVE-2007-3804 | 1 Clavister | 1 Clavister Coreplus | 2008-11-15 | 5.0 MEDIUM | N/A |
| The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. | |||||
| CVE-2007-3789 | 1 Inmostore | 1 Inmostore | 2008-11-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||