Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4204 | 1 Softacid | 1 Hotel Reservation System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter. | |||||
| CVE-2008-4210 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. | |||||
| CVE-2008-4225 | 1 Xmlsoft | 1 Libxml | 2017-09-29 | 7.8 HIGH | N/A |
| Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. | |||||
| CVE-2008-4226 | 1 Xmlsoft | 1 Libxml | 2017-09-29 | 10.0 HIGH | N/A |
| Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | |||||
| CVE-2008-4241 | 1 Cj | 1 Ultra Plus | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie. | |||||
| CVE-2008-4243 | 1 Epic Games | 1 Unreal Tournament 3 | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic Games Unreal Tournament 3 (UT3) 1.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-4244 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative access by setting the usuario and pass cookies to 1. | |||||
| CVE-2008-4245 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2017-09-29 | 6.5 MEDIUM | N/A |
| The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which allows remote authenticated users to (1) change a user's privileges, (2) delete a user account, or perform unspecified other administrative actions via vectors involving an admin lista action to the default URI, possibly related to useradmin.php. | |||||
| CVE-2008-4295 | 2 Htc, Microsoft | 3 Mda, Wiza, Windows Mobile | 2017-09-29 | 5.4 MEDIUM | N/A |
| Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices. | |||||
| CVE-2008-4302 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. | |||||
| CVE-2008-4310 | 1 Ruby-lang | 1 Ruby | 2017-09-29 | 7.8 HIGH | N/A |
| httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656. | |||||
| CVE-2008-4313 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2017-09-29 | 6.0 MEDIUM | N/A |
| A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. | |||||
| CVE-2008-4315 | 2 Openpegasus, Redhat | 3 Openpegasus Wbem, Enterprise Linux, Enterprise Linux Desktop | 2017-09-29 | 6.8 MEDIUM | N/A |
| tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. | |||||
| CVE-2008-4318 | 1 Project-observer | 1 Observer | 2017-09-29 | 10.0 HIGH | N/A |
| Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. | |||||
| CVE-2008-4319 | 1 Libra File Manager | 1 Php Filemanager | 2017-09-29 | 6.4 MEDIUM | N/A |
| fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string. | |||||
| CVE-2008-4321 | 1 Flashget | 1 Flashget Ftp | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command. | |||||
| CVE-2008-4323 | 1 Microsoft | 1 Windows Xp | 2017-09-29 | 4.3 MEDIUM | N/A |
| Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. | |||||
| CVE-2008-4329 | 1 Openengine | 1 Openengine | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter. | |||||
| CVE-2008-4330 | 1 Lansuite | 1 Lansuite | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the design parameter. | |||||
| CVE-2008-4331 | 1 Phpocs | 1 Phpocs | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to index.php. | |||||
| CVE-2008-4332 | 1 Cannot | 1 Php Infoboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php. | |||||
| CVE-2008-4333 | 1 Cannot | 1 Php Infoboard | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject arbitrary web script or HTML via the isname parameter in a newtopic action. | |||||
| CVE-2008-4334 | 1 Cannot | 1 Php Infoboard | 2017-09-29 | 7.5 HIGH | N/A |
| PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative access by setting the infouser cookie to 1. | |||||
| CVE-2008-4335 | 1 Atomic Photo Album | 1 Atomic Photo Album | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter. | |||||
| CVE-2008-4336 | 1 Constantin Charissis | 1 Atomic Photo Album | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to inject arbitrary web script or HTML via the apa_album_ID parameter. | |||||
| CVE-2008-4341 | 1 Myblog | 1 Myblog | 2017-09-29 | 7.5 HIGH | N/A |
| add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin. | |||||
| CVE-2008-4343 | 1 Chilkat Software | 1 Chilkat Xml Activex Control | 2017-09-29 | 9.3 HIGH | N/A |
| The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. | |||||
| CVE-2008-4345 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||
| CVE-2008-4346 | 1 Talkback | 1 Talkback | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371. | |||||
| CVE-2008-4347 | 1 Powie | 1 Pnews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2008-4350 | 1 Vblogix | 1 Tutorial Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-4351 | 1 Phpsmartcom | 1 Phpsmartcom | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter. | |||||
| CVE-2008-4352 | 1 Phpsmartcom | 1 Phpsmartcom | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php. | |||||
| CVE-2008-4353 | 1 Linkarity | 1 Linkarity | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: although one component of Linkarity is distributable PHP code, this issue might be site-specific. If so, it should not be included in CVE. | |||||
| CVE-2008-4354 | 1 Net Art Media | 1 Iboutique | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. | |||||
| CVE-2008-4355 | 1 Powie | 1 Pforum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4356 | 1 Kasseler-cms | 1 Kasseler Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module. | |||||
| CVE-2008-4357 | 1 Powie | 1 Plink | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4361 | 1 Powerportal | 1 Powerportal | 2017-09-29 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly read arbitrary files via a .. (dot dot) in the path parameter to the default URI. | |||||
| CVE-2008-4362 | 1 Deslock | 1 Deslock | 2017-09-29 | 4.9 MEDIUM | N/A |
| The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) via a crafted IOCTL request to \Device\DLPTokenWalter0. | |||||
| CVE-2008-4363 | 1 Deslock | 1 Deslock | 2017-09-29 | 7.2 HIGH | N/A |
| DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash) or potentially execute arbitrary code via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, probably related to use of the ProbeForRead function when ProbeForWrite was intended. | |||||
| CVE-2008-4366 | 1 Camera Life | 1 Camera Life | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a user directory under images/photos/upload. | |||||
| CVE-2008-4369 | 1 Availscript | 1 Availscript Photo Album | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2008-4370 | 1 Availscript | 1 Availscript Photo Album | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php. | |||||
| CVE-2008-4371 | 1 Availscript | 1 Availscript Article Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter. | |||||
| CVE-2008-4372 | 1 Availscript | 1 Availscript Article Script | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote attackers to inject arbitrary web script or HTML via the aIDS parameter. | |||||
| CVE-2008-4373 | 1 Availscript | 1 Availscript Jobs Portal Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter. | |||||
| CVE-2008-4374 | 1 Cmsbuzz | 1 Cms Buzz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action. | |||||
| CVE-2008-4375 | 1 Availscript | 1 Availscript Classmate Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2008-4376 | 1 Livetvscript | 1 Live Tv Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||