
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request.
• https://www.exploit-db.com/exploits/5895 http://secunia.com/advisories/30787 http://securityreason.com/securityalert/3962 https://exchange.xforce.ibmcloud.com/vulnerabilities/43296
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
• https://www.exploit-db.com/exploits/5608 http://secunia.com/advisories/30233 http://www.securityfocus.com/bid/29189 http://www.securityfocus.com/bid/29192 https://exchange.xforce.ibmcloud.com/vulnerabilities/42390 https://exchange.xforce.ibmcloud.com/vulnerabilities/42398
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 5

Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W1L3D4_konuoku.asp and (e) W1L3D4_konuya_mesaj_yaz.asp; and the (3) topic parameter to W1L3D4_konuya_mesaj_yaz.asp, different vectors than CVE-2008-1939, CVE-2007-2641, and CVE-2007-0920. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
• https://www.exploit-db.com/exploits/31797 https://www.exploit-db.com/exploits/31798 https://www.exploit-db.com/exploits/31799 http://secunia.com/advisories/30278 http://www.securityfocus.com/bid/29229 http://www.securityfocus.com/bid/29229/exploit https://exchange.xforce.ibmcloud.com/vulnerabilities/42452
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter.
• https://www.exploit-db.com/exploits/5503 http://secunia.com/advisories/29998 http://www.securityfocus.com/bid/28949 http://www.vupen.com/english/advisories/2008/1385 https://exchange.xforce.ibmcloud.com/vulnerabilities/42155
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.
• https://www.exploit-db.com/exploits/5503 http://secunia.com/advisories/29998 http://www.securityfocus.com/bid/28949 http://www.vupen.com/english/advisories/2008/1385 https://exchange.xforce.ibmcloud.com/vulnerabilities/42018
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')