Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2094 | 1 Xoops | 1 Article Module | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2096 | 1 Backlinkspider | 1 Backlink Spider | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php. | |||||
| CVE-2008-2097 | 1 Vmware | 2 Esx, Esxi | 2018-10-11 | 9.0 HIGH | N/A |
| Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." | |||||
| CVE-2008-2098 | 1 Vmware | 5 Ace 2, Fusion, Vmware Player 2 and 2 more | 2018-10-11 | 6.9 MEDIUM | N/A |
| Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2008-2099 | 2 Microsoft, Vmware | 5 Windows, Ace 2, Vmware Player 2 and 2 more | 2018-10-11 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. | |||||
| CVE-2008-2101 | 1 Vmware | 1 Esx | 2018-10-11 | 2.1 LOW | N/A |
| The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2008-2106 | 1 Activision | 1 Call Of Duty 4 | 2018-10-11 | 6.8 MEDIUM | N/A |
| Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. | |||||
| CVE-2008-2107 | 1 Php | 1 Php | 2018-10-11 | 7.5 HIGH | N/A |
| The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed. | |||||
| CVE-2008-2108 | 1 Php | 1 Php | 2018-10-11 | 7.5 HIGH | N/A |
| The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against protection mechanisms that use the rand and mt_rand functions. | |||||
| CVE-2008-2110 | 1 Qto | 1 Qtofilemanager | 2018-10-11 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request. | |||||
| CVE-2008-2115 | 1 Scriptsez | 1 Power Editor | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) te and (2) dir parameters in a tempedit action. | |||||
| CVE-2008-2116 | 1 Scriptsez | 1 Power Editor | 2018-10-11 | 4.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action. | |||||
| CVE-2008-2117 | 1 Project Alumni | 1 Project Alumni | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pages/news.page.inc in Project Alumni 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a news action to index.php, a different vector than CVE-2007-6126. | |||||
| CVE-2008-2118 | 1 Project Alumni | 1 Project Alumni | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2119 | 1 Asterisk | 2 Asterisk Business Edition, Open Source | 2018-10-11 | 4.3 MEDIUM | N/A |
| Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer. | |||||
| CVE-2008-2131 | 1 Myvietnam | 1 Mvnforum | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows remote authenticated users to inject arbitrary web script or HTML via the topic field, which is later displayed by user/viewthread.jsp through use of the "quick reply button." | |||||
| CVE-2008-2135 | 1 Visualshapers | 1 Ezcontents | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. | |||||
| CVE-2008-2138 | 1 Oracle | 1 Application Server Portal | 2018-10-11 | 5.0 MEDIUM | N/A |
| Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report. | |||||
| CVE-2008-2142 | 1 Gnu | 2 Emacs, Xemacs | 2018-10-11 | 6.8 MEDIUM | N/A |
| Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. | |||||
| CVE-2008-2145 | 1 Novell | 1 Client | 2018-10-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog. | |||||
| CVE-2008-2165 | 1 Cisco | 1 Building Broadband Service Manager | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2008-2167 | 1 Zyxel | 1 Zywall 100 | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page. | |||||
| CVE-2008-2176 | 1 Zomp | 1 Zomplog | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. | |||||
| CVE-2008-2178 | 1 Lifetype | 1 Lifetype | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the searchTerms parameter in an editArticleCategories operation (aka an admin category search). | |||||
| CVE-2008-2186 | 1 Cilekyazilim | 1 Chicomas | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2008-2187 | 1 Mdsjack | 1 Mjguest | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 GT Rev.01 allows remote attackers to inject arbitrary web script or HTML via the level parameter in a redirect action, possibly involving interface/redirect.htm.php. | |||||
| CVE-2008-2188 | 1 Eejj33 | 1 Blackbook | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) bookCopyright and (2) ver parameters to (a) footer.php, and the (3) bookName, (4) bookMetaTags, and (5) estiloCSS parameters to (b) header.php. | |||||
| CVE-2008-2189 | 1 Anserv | 1 Auction Xl | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2190 | 1 Romedchim International Srl | 1 Online Rent Property Script | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected. | |||||
| CVE-2008-2191 | 1 Postnuke Software Foundation | 1 Pnencyclopedia | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php. | |||||
| CVE-2008-2196 | 1 Lifetype | 1 Lifetype | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in LifeType 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the newBlogUserName parameter in an addBlogUser action, a different vector than CVE-2008-2178. | |||||
| CVE-2008-2198 | 1 Kmita Tellfriend | 1 Tellfriend | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2199 | 1 Kkeim | 1 Kmita Mail | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2200 | 1 Maianscriptworld | 1 Maian Weblog | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. | |||||
| CVE-2008-2201 | 1 Maianscriptworld | 1 Maian Recipe | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. | |||||
| CVE-2008-2202 | 1 Maianscriptworld | 1 Maian Uploader | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. | |||||
| CVE-2008-2203 | 1 Maianscriptworld | 1 Maian Search | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||||
| CVE-2008-2204 | 1 Maianscriptworld | 1 Maian Search | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. | |||||
| CVE-2008-2205 | 1 Maianscriptworld | 1 Maian Music | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. | |||||
| CVE-2008-2206 | 1 Maianscriptworld | 1 Maian Music | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php. | |||||
| CVE-2008-2207 | 1 Maianscriptworld | 1 Maian Gallery | 2018-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | |||||
| CVE-2008-2208 | 1 Maianscriptworld | 1 Maian Greeting | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||||
| CVE-2008-2209 | 1 Maianscriptworld | 1 Maian Greeting | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters. | |||||
| CVE-2008-2210 | 1 Maianscriptworld | 1 Maian Support | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php. | |||||
| CVE-2008-2211 | 1 Maianscriptworld | 1 Maian Guestbook | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. | |||||
| CVE-2008-2212 | 1 Maianscriptworld | 1 Maian Cart | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to admin/inc/header.php; the (5) msg_script3 and unspecified other parameters to admin/inc/footer.php; and the (6) keywords parameter to index.php in a search action. | |||||
| CVE-2008-2213 | 1 Maianscriptworld | 1 Maian Links | 2018-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. | |||||
| CVE-2008-2214 | 1 Castle Rock | 1 Snmpc | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet. | |||||
| CVE-2008-2234 | 1 Openwsman | 1 Openwsman | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote attackers to execute arbitrary code via a crafted "Authorization: Basic" HTTP header. | |||||
| CVE-2008-1930 | 1 Wordpress | 1 Wordpress | 2018-10-11 | 7.5 HIGH | N/A |
| The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013. | |||||
