CVE リスト (「タイプ別の脆弱性」から · 2008 年に公開 · 既定の並び順は「公開日の降順」です(新しい公開が先頭)。)

2008 年に公開された CVE を表示しています。 CVE の一覧へ

CVSS スコア
表示中 120 / 5664
«« 先頭 « 前へ 1 / 284 次へ »
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2008-5807 Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl. 4.3 1.03% 2008-12-31 2026-06-16
CVE-2008-5806 SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information. 7.5 1.15% 2008-12-31 2026-06-16
CVE-2008-5805 SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828. 7.5 1.00% 2008-12-31 2026-06-16
CVE-2008-5804 SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. 7.5 1.00% 2008-12-31 2026-06-16
CVE-2008-5803 SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information. 7.5 1.04% 2008-12-31 2026-06-16
CVE-2008-5802 SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. 7.5 1.04% 2008-12-31 2026-06-16
CVE-2008-5801 Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. 10.0 2.46% 2008-12-31 2026-06-16
CVE-2008-5800 SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 7.5 1.05% 2008-12-31 2026-06-16
CVE-2008-5799 Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 4.3 1.02% 2008-12-31 2026-06-16
CVE-2008-5798 SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 7.5 1.05% 2008-12-31 2026-06-16
CVE-2008-5797 SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 7.5 1.05% 2008-12-31 2026-06-16
CVE-2008-5796 SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 7.5 1.06% 2008-12-31 2026-06-16
CVE-2008-5795 Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 4.3 1.03% 2008-12-31 2026-06-16
CVE-2008-5794 Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. 5.0 2.60% 2008-12-31 2026-06-16
CVE-2008-5793 Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/ 6.8 15.37% 2008-12-31 2026-06-16
CVE-2008-5792 PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue. 6.8 2.57% 2008-12-31 2026-06-16
CVE-2008-5791 Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components. 10.0 1.54% 2008-12-31 2026-06-16
CVE-2008-5790 Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. 7.5 23.62% 2008-12-31 2026-06-16
CVE-2008-5789 Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. 7.5 30.09% 2008-12-31 2026-06-16
CVE-2008-5788 SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. 7.5 1.15% 2008-12-31 2026-06-16
«« 先頭 « 前へ 1 / 284 次へ »
cvelogic Threat Intelligence