ana vulnerabilities and exploits

5.8
CVSSv2
CVE-2018-0611

The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

4.3
CVSSv2
CVE-2015-5666

ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier do not verify SSL certificates....

7.5
CVSSv2
CVE-2008-7077

Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields....

Relative, Sailplanner
7.5
CVSSv2
CVE-2008-4718

Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156....

X7 Group, X7 Chat
7.5
CVSSv2
CVE-2008-6284

SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter....

1scripts, Z1exchange
7.5
CVSSv2
CVE-2009-0284

SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter....

Flaxweb, Flax Article Manager
7.5
CVSSv2
CVE-2008-4667

Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter....

Arabcms
7.5
CVSSv2
CVE-2008-0692

SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter....

Itechscripts, Itechbids
7.5
CVSSv2
CVE-2009-1549

AGTC MyShop 3.2b allows remote attackers to bypass authentication and obtain administrative access by setting the log_accept cookie to "correcto."...

Agtc, Agtc Myshop
7.5
CVSSv2
CVE-2008-5292

SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter....

Videogirls, Videogirls Biz