Total: 3527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7107 | 1 Eset | 1 Smart Security | 2017-09-29 | 7.2 HIGH | N/A |
| easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface. | |||||
| CVE-2008-7088 | 1 Photopost | 1 Photopost Vbgallery | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor. | |||||
| CVE-2008-6978 | 1 Fullrevolution | 1 Aspwebalbum | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp. | |||||
| CVE-2008-6943 | 1 Scriptsfeed | 1 Recipes Listing Portal | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/. | |||||
| CVE-2008-6942 | 1 Scriptsfeed | 1 Realtor Classifieds System | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | |||||
| CVE-2008-6938 | 1 Holger Zimmermann | 1 Pi3web | 2017-09-29 | 4.3 MEDIUM | N/A |
| Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop application and without using the Pi3Web/Conf/Intenet.pi3, allows remote attackers to cause a denial of service (crash or hang) and obtain the full pathname of the server via a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails, as demonstrated using Isapi\users.txt. | |||||
| CVE-2008-6913 | 1 Zeeways | 1 Zeejobsite | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editresume_next.php in Zeeways ZEEJOBSITE 2.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a photo in a profile edit action, then accessing the file via a direct request to jobseekers/logos/. | |||||
| CVE-2008-6882 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2017-09-29 | 7.5 HIGH | N/A |
| Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. | |||||
| CVE-2008-6829 | 1 Vicftps | 1 Vicftps | 2017-09-29 | 5.0 MEDIUM | N/A |
| VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031. | |||||
| CVE-2008-6826 | 1 Mhfmedia | 1 Ads Pro | 2017-09-29 | 10.0 HIGH | N/A |
| dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | |||||
| CVE-2008-6814 | 2 Jan De Graaff, Mambo | 2 Com Simpleboard, Mambo | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. | |||||
| CVE-2008-6806 | 1 7-shop | 1 7shop | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/. | |||||
| CVE-2008-6791 | 1 Klever | 1 Pumpkin | 2017-09-29 | 5.0 MEDIUM | N/A |
| PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field. | |||||
| CVE-2008-6790 | 1 Minddezign | 1 Photo Gallery | 2017-09-29 | 5.1 MEDIUM | N/A |
| The admin module in MindDezign Photo Gallery 2.2 allows remote attackers to add administrative users and gain privileges via a modified username parameter in an edit account action to index.php. | |||||
| CVE-2008-6772 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 7.5 HIGH | N/A |
| login/register_form.php in YourPlace 1.0.2 and earlier does not check that a username already exists when a new account is created, which allows remote attackers to bypass intended access restrictions by registering a new account with the username of a target user. | |||||
| CVE-2008-6752 | 1 Revou | 1 Revou | 2017-09-29 | 7.5 HIGH | N/A |
| adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation. | |||||
| CVE-2008-6751 | 1 Revou | 2 Revou, Tclone | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in settings/my_photo. | |||||
| CVE-2008-6750 | 1 China-on-site | 1 Flexphpdirectory | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in add.php in FlexPHPDirectory 0.0.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photo/. | |||||
| CVE-2008-6745 | 1 Blogphp | 1 Blogphp | 2017-09-29 | 7.5 HIGH | N/A |
| index.php in BlogPHP 2.0 allows remote attackers to gain administrator privileges via a crafted email parameter in a register2 action. | |||||
| CVE-2008-6742 | 1 Gofoxy | 1 Foxy | 2017-09-29 | 4.3 MEDIUM | N/A |
| Foxy P2P software allows remote attackers to cause a denial of service (memory consumption) via a foxy URI with a download action and a large fs value. | |||||
| CVE-2008-6731 | 1 China-on-site | 1 Flexphplink | 2017-09-29 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/. | |||||
| CVE-2008-6684 | 1 Yourfreeworld | 1 Apartment Search Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in editimage.php in Apartment Search Script allows remote attackers to execute arbitrary code by uploading a file with an executable extension and a GIF header, then accessing this file via a direct request to a renamed file in Member_Admin/logo/. | |||||
| CVE-2008-6559 | 1 Sco | 2 Reliantha, Unixware | 2017-09-29 | 7.2 HIGH | N/A |
| Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters. | |||||
| CVE-2008-6558 | 2 Sco, Unixware | 2 Unixware, Reliantha | 2017-09-29 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program. | |||||
| CVE-2008-6538 | 1 Holger Schurig | 1 Destar | 2017-09-29 | 5.0 MEDIUM | N/A |
| DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser. | |||||
| CVE-2008-6534 | 1 Vwsolutions | 1 Null Ftp | 2017-09-29 | 7.1 HIGH | N/A |
| Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument. | |||||
| CVE-2008-6492 | 1 Tizag | 1 Tizag Countdown Creator | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6490 | 1 Flysforum | 1 Flaber | 2017-09-29 | 7.5 HIGH | N/A |
| function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php. | |||||
| CVE-2008-7052 | 1 Preprojects | 1 Pre Real Estate Listings | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/. | |||||
| CVE-2008-6367 | 1 Socialgroupie | 1 Social Groupie | 2017-09-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/. | |||||
| CVE-2008-6944 | 1 Scriptsfeed | 1 Auto Classifieds | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/. | |||||
| CVE-2008-6185 | 1 Noticeware | 1 Noticeware Email Server Ng | 2017-09-29 | 5.0 MEDIUM | N/A |
| NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command. | |||||
| CVE-2008-6175 | 1 K2sxs | 1 Silvershield | 2017-09-29 | 5.0 MEDIUM | N/A |
| SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command. | |||||
| CVE-2008-6084 | 1 .matteoiammarrone | 1 Iamma Simple Gallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. | |||||
| CVE-2008-5966 | 1 Globsy | 1 Globsy | 2017-09-29 | 7.5 HIGH | N/A |
| globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter. | |||||
| CVE-2008-5963 | 1 Gravity-gtd | 1 Gravity-gtd | 2017-09-29 | 10.0 HIGH | N/A |
| Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter. | |||||
| CVE-2008-5937 | 1 Zkesoft | 1 Ayeview | 2017-09-29 | 7.8 HIGH | N/A |
| AyeView 2.20 allows user-assisted attackers to cause a denial of service (memory consumption or application crash) via a bitmap (aka .bmp) file with large height and width values. | |||||
| CVE-2008-5712 | 1 Kde | 1 Konqueror | 2017-09-29 | 5.0 MEDIUM | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. | |||||
| CVE-2008-5732 | 1 Kafooeyblog | 1 Kafooeyblog | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2008-5730 | 1 Netcat | 1 Netcat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file. | |||||
| CVE-2008-5705 | 1 Verlihub-project | 1 Verlihub | 2017-09-29 | 9.3 HIGH | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument. | |||||
| CVE-2008-5678 | 1 Fdgroup | 1 Olib7 Webview | 2017-09-29 | 4.0 MEDIUM | N/A |
| Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files. | |||||
| CVE-2008-5677 | 1 Kwalbum | 1 Kwalbum | 2017-09-29 | 7.1 HIGH | N/A |
| Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5663 | 1 Kusaba | 1 Kusaba | 2017-09-29 | 9.0 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory. | |||||
| CVE-2008-5220 | 1 Wportfolio | 1 Wportfolio | 2017-09-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/. | |||||
| CVE-2008-5002 | 1 Chilkat Software | 1 Chilkat Crypt Activex Control | 2017-09-29 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4919 | 1 Visagesoft | 1 Expert Pdf Viewer Activex | 2017-09-29 | 8.8 HIGH | N/A |
| Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. | |||||
| CVE-2008-4878 | 1 Mywebcards | 1 Webcards | 2017-09-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | |||||
| CVE-2008-4770 | 1 Realvnc | 1 Realvnc | 2017-09-29 | 10.0 HIGH | N/A |
| The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type." | |||||
| CVE-2008-4748 | 1 Kvirc | 1 Kvirc | 2017-09-29 | 7.6 HIGH | N/A |
| Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI. | |||||
