Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
Max CVSS: 9.3 | EPSS Score: 29.46% | Published: 2008-07-31 | Updated: 2017-08-08

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
Max CVSS: 7.5 | EPSS Score: 1.31% | Published: 2008-07-31 | Updated: 2024-01-12

Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
Max CVSS: 7.5 | EPSS Score: 0.94% | Published: 2008-07-31 | Updated: 2017-09-29

Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
Max CVSS: 7.5 | EPSS Score: 5.08% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
Max CVSS: 7.5 | EPSS Score: 0.94% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
Max CVSS: 7.5 | EPSS Score: 0.94% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2008-07-31 | Updated: 2017-09-29

The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
Max CVSS: 10.0 | EPSS Score: 1.06% | Published: 2008-07-31 | Updated: 2018-10-11

Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c.
Max CVSS: 7.5 | EPSS Score: 18.14% | Published: 2008-07-31 | Updated: 2018-10-11

SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2008-07-31 | Updated: 2017-09-29

SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS: 7.5 | EPSS Score: 0.12% | Published: 2008-07-31 | Updated: 2017-09-29

Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
Max CVSS: 7.5 | EPSS Score: 8.54% | Published: 2008-07-31 | Updated: 2018-10-11

PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
Max CVSS: 7.5 | EPSS Score: 8.50% | Published: 2008-07-31 | Updated: 2018-10-11

SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.
Max CVSS: 7.5 | EPSS Score: 0.25% | Published: 2008-07-31 | Updated: 2017-08-08

Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2008-07-30 | Updated: 2018-10-11

SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2008-07-30 | Updated: 2017-09-29

SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2008-07-30 | Updated: 2017-09-29

Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
Max CVSS: 7.5 | EPSS Score: 2.55% | Published: 2008-07-30 | Updated: 2018-10-11

SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2008-07-30 | Updated: 2017-09-29

SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2008-07-30 | Updated: 2017-09-29

SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2008-07-30 | Updated: 2017-09-29

241 vulnerabilities found