LiveActive security incident?Get immediate response
CVE archive

February 2008

Browse CVE records published in February 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 836 matching CVEs · Page 3 of 17.

Unknown · CVSS Not scored

CVE-2008-6299: Multiple cross-site scripting (XSS) vulnerabilities in Joomla!

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."

Published Feb 26, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6273: Directory traversal vulnerability in configuration_script.php in MyKtools 3.0 allows remote authenticated a...

Directory traversal vulnerability in configuration_script.php in MyKtools 3.0 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the langage parameter, a different vulnerability than CVE-2008-4781. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6269: Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, includin...

Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.

Published Feb 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6274: Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute...

Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.

Published Feb 25, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6236: SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and p...

SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Feb 21, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-6255: Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to exec...

Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.

Published Feb 24, 2009 · Updated Aug 7, 2024