CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-2882 – shibby shop 2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2882
26 Jun 2008 — upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request. upgrade.asp de sHibby sHop 2.2 y anteriores, no requiere la autenticación del administrador; esto permite a atacantes remotos actualizar un fichero o tener otros impactos no especificados mediante una petición directa. • https://www.exploit-db.com/exploits/5895 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2448 – Meto Forum 1.1 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-2448
27 May 2008 — Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp. Múltiples vulnerabilidades de inyección SQL en Meto Forum 1.1 permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro (1) id de (a) admin/duzenle.asp y (b) admin_o... • https://www.exploit-db.com/exploits/5608 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 5CVE-2008-2334 – philboard 0.5 - 'W1L3D4_foruma_yeni_konu_ac.asp?forumid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2334
19 May 2008 — Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W1L3D4_konuoku.asp and (e) W1L3D4_konuya_mesaj_yaz.asp; and the (3) topic parameter to W1L3D4_konuya_mesaj_yaz.asp, different vectors than CVE-2008-1939, CVE-2007-2641, and CVE-2007-0920. NOTE: the provenance of t... • https://www.exploit-db.com/exploits/31797 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2047 – Angelo-Emlak 1.0 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-2047
01 May 2008 — Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. Múltiples vulnerabilidades de inyección SQL en Angelo-Emlak 1.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id a (1) hpz/profil.asp y (2) hpz/prodetail.asp. • https://www.exploit-db.com/exploits/5503 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 1CVE-2008-2048 – Angelo-Emlak 1.0 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-2048
01 May 2008 — Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) de hpz/admin/Default.asp in Angelo-Emlak 1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro sayfa. • https://www.exploit-db.com/exploits/5503 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1939 – W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1939
24 Apr 2008 — Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0920. Múltiples Vulnerabilidades de Inyección SQL en W1L3D4 Philboard 1.0, permiten a atacantes remotos ejecutar comandos SQL arbitrariamente a través de los parámetros (1) id y (2) topic en (a) philboard_reply.as... • https://www.exploit-db.com/exploits/5475 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2007-4433
https://notcve.org/view.php?id=CVE-2007-4433
20 Aug 2007 — Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en textfilesearch.aspx en la edición Text File Search ASP.NET permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo de búsqueda (search). • http://osvdb.org/37734 •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 2CVE-2007-4434 – Text File Search Classic - 'TextFileSearch.asp' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4434
20 Aug 2007 — Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en textfilesearch.asp en la edición Text File Search ASP (Classic) permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro query. • https://www.exploit-db.com/exploits/30505 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4297
https://notcve.org/view.php?id=CVE-2007-4297
10 Aug 2007 — Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en yorumkaydet.asp de Dersimiz Haber Ekleme Modulu permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección median... • http://osvdb.org/37537 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2007-3884 – husrevforum 1.0.1/2.0.1 - 'Philboard_forum.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2007-3884
18 Jul 2007 — SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected. Una vulnerabilidad de inyección SQL en el archivo philboard_forum.asp en husrevforum versión 1.0.1, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro forumid. NOTA: más tarde se reportó que la versión 2.0.1 también está afectada. • https://www.exploit-db.com/exploits/30316 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •