Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4377 | 1 Creative Mind | 1 Creator Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter. | |||||
| CVE-2008-4378 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4379 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2008-4380 | 1 Samsung | 1 Dvr Shr2040 | 2017-09-29 | 7.8 HIGH | N/A |
| The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters. | |||||
| CVE-2008-4405 | 1 Citrix | 1 Xen | 2017-09-29 | 7.2 HIGH | N/A |
| xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. | |||||
| CVE-2008-4416 | 1 Hp | 1 Hp-ux | 2017-09-29 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors. | |||||
| CVE-2008-4425 | 1 Phlatline | 1 Personal Information Manager | 2017-09-29 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action. | |||||
| CVE-2008-4426 | 1 Phlatline | 1 Personal Information Manager | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action. | |||||
| CVE-2008-4427 | 1 Phlatline | 1 Personal Information Manager | 2017-09-29 | 7.5 HIGH | N/A |
| changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords. | |||||
| CVE-2008-4428 | 1 Phlatline | 1 Personal Information Manager | 2017-09-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory. | |||||
| CVE-2008-4436 | 1 Bblog | 1 Wbblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter. | |||||
| CVE-2008-4449 | 1 Mirc | 1 Mirc | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message. | |||||
| CVE-2008-4451 | 1 Eset Software | 1 System Analyzer Tool | 2017-09-29 | 7.2 HIGH | N/A |
| The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer. | |||||
| CVE-2008-4452 | 1 Cambridge Computer Corporation | 1 Vxftpsrv | 2017-09-29 | 9.0 HIGH | N/A |
| Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request. | |||||
| CVE-2008-4453 | 1 Dspicture | 2 Light Imaging Toolkit, Pro Imaging Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4457 | 1 Memht | 1 Memht Portal | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php. | |||||
| CVE-2008-4460 | 1 Vastal I-tech | 1 Mmorpg Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter. | |||||
| CVE-2008-4461 | 1 Vastal I-tech | 1 Dating Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter. | |||||
| CVE-2008-4462 | 1 Vastal I-tech | 1 Visa Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2008-4463 | 1 Vastal I-tech | 1 Jobs Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2008-4464 | 1 Vastal I-tech | 1 Mag Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-4465 | 1 Vastal I-tech | 1 Dvd Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-4466 | 1 Vastal I-tech | 1 Cosmetics Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-4467 | 1 Vastal I-tech | 1 Toner Cart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4468 | 1 Vastal I-tech | 1 Share Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4469 | 1 Vastal I-tech | 1 Freelance Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. | |||||
| CVE-2008-4470 | 1 Numark | 1 Cue | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname. | |||||
| CVE-2008-4483 | 1 Crux Software | 1 Gallery | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2008-4486 | 1 Yerba | 1 Yerba | 2017-09-29 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. | |||||
| CVE-2008-4490 | 1 Phpabook | 1 Phpabook | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the userInfo cookie. | |||||
| CVE-2008-4492 | 1 Yourownbux | 1 Yourownbux | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie. | |||||
| CVE-2008-4493 | 1 Microsoft | 1 Digital Image | 2017-09-29 | 6.8 MEDIUM | N/A |
| Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. | |||||
| CVE-2008-4494 | 1 Torrenttrader | 1 Torrenttrader | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4495 | 1 Select Development Solutions | 1 Php Auto Dealer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | |||||
| CVE-2008-4496 | 1 Select Development Solutions | 1 Php Realtor | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | |||||
| CVE-2008-4497 | 1 Built2go | 1 Real Estate Listings | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-2008-4498 | 1 Phpautos | 1 Phpautos | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-4502 | 1 Datafeedfile | 1 Dff Framework Api | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. | |||||
| CVE-2008-4509 | 1 Foss Gallery | 1 Foss Gallery | 2017-09-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory. | |||||
| CVE-2008-4510 | 1 Microsoft | 1 Windows Vista | 2017-09-29 | 4.9 MEDIUM | N/A |
| Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page. | |||||
| CVE-2008-4514 | 1 Konqueror | 1 Konqueror | 2017-09-29 | 5.0 MEDIUM | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error. | |||||
| CVE-2008-4516 | 1 Galerie | 1 Galerie | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter. | |||||
| CVE-2008-4517 | 1 Geccbblite | 1 Geccbblite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4518 | 1 Fastpublish | 1 Fastpublish Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php. | |||||
| CVE-2008-4519 | 1 Fastpublish | 1 Fastpublish Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php. | |||||
| CVE-2008-4521 | 1 Php-fusion | 1 World Of Warcraft Tracker Infusion Module | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. | |||||
| CVE-2008-4522 | 1 Jesse-web | 1 Jmweb Mp3 Music Audio Search And Download Script | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php. | |||||
| CVE-2008-4523 | 1 Ip Reg | 1 Ip Reg | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter. | |||||
| CVE-2008-4524 | 1 Adaptcms | 1 Adaptcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. | |||||
| CVE-2008-4526 | 1 Customcms | 1 Ccms | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php. | |||||
