Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4758 | 1 Php-daily | 1 Php-daily | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter. | |||||
| CVE-2008-4759 | 1 Buzzscripts | 1 Buzzywall | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-4760 | 1 Graphiks | 1 Myforum | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla! | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2008-4765 | 1 Oscommerce | 2 Online Merchant, Poll Booth | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-4770 | 1 Realvnc | 1 Realvnc | 2017-09-29 | 10.0 HIGH | N/A |
| The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 through 4.1.2, Enterprise Edition E4.0 through E4.4.2, and Personal Edition P4.0 through P4.4.2 allows remote VNC servers to execute arbitrary code via crafted RFB protocol data, related to "encoding type." | |||||
| CVE-2008-4771 | 3 4xem, D-link, Vivotek | 3 Vatctrl Class, Mpeg4 Shm Audio Control, Rtsp Mpeg4 Sp Control | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4772 | 1 Questwork | 1 Questcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter. | |||||
| CVE-2008-4773 | 1 Questwork | 1 Questcms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2008-4774 | 1 Questwork | 1 Questcms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter. | |||||
| CVE-2008-4779 | 1 Tguzip | 1 Tguzip | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a .zip file. | |||||
| CVE-2008-4780 | 1 Easy-script | 1 Myforum | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the padmin parameter. | |||||
| CVE-2008-4781 | 1 Easy-script | 1 Myktools | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter. | |||||
| CVE-2008-4782 | 1 Aiocp | 1 Aiocp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | |||||
| CVE-2008-4783 | 1 Easy-script | 1 Tlads | 2017-09-29 | 7.5 HIGH | N/A |
| tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin." | |||||
| CVE-2008-4784 | 1 Aflog | 1 Aflog | 2017-09-29 | 7.5 HIGH | N/A |
| aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php. | |||||
| CVE-2008-4785 | 1 E107 | 2 Alternate Profiles Plugin, E107 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4786 | 1 E107 | 2 E107, Easyshop Plugin | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-4873 | 1 Sepal | 1 Spboard | 2017-09-29 | 10.0 HIGH | N/A |
| board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action. | |||||
| CVE-2008-4877 | 1 Mywebcards | 1 Webcards | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4878 | 1 Mywebcards | 1 Webcards | 2017-09-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the uploaded file. | |||||
| CVE-2008-4879 | 1 Maran | 1 Php Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880. | |||||
| CVE-2008-4880 | 1 Maran | 1 Php Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879. | |||||
| CVE-2008-4881 | 1 Yourfreeworld | 1 Reminder Service Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4882 | 1 Yourfreeworld | 1 Autoresponder Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4883 | 1 Yourfreeworld | 1 Blog Blaster Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4884 | 1 Yourfreeworld | 1 Classifieds Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4885 | 1 Yourfreeworld | 1 Scrolling Text Ads Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4886 | 1 Yourfreeworld | 1 Shopping Cart Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2008-4887 | 1 Netrisk | 1 Netrisk | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4888 | 1 Netrisk | 1 Netrisk | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4889 | 1 Dev!l's | 1 Clanportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action. | |||||
| CVE-2008-4890 | 1 1st News | 1 4 Professional | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4895 | 1 Yourfreeworld | 1 Downline Builder Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4897 | 1 Logz | 1 Logz | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter. | |||||
| CVE-2008-4900 | 1 Yourfreeworld | 1 Classifieds Blaster Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4906 | 2 E107, W1n78 | 2 E107, Lyrics | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4912 | 1 Rs Maxsoft | 2 Fotogalerie, Rs Maxsoft | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-4913 | 1 Lokicms | 1 Lokicms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter. | |||||
| CVE-2008-4914 | 1 Vmware | 2 Esx, Esxi | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350-200901401-SG allows local administrators to cause a denial of service (host crash) via a snapshot with a malformed VMDK delta disk. | |||||
| CVE-2008-4916 | 2 Emc, Vmware | 7 Vmware Player, Vmware Ace, Vmware Esx and 4 more | 2017-09-29 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors. | |||||
| CVE-2008-4919 | 1 Visagesoft | 1 Expert Pdf Viewer Activex | 2017-09-29 | 8.8 HIGH | N/A |
| Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method. | |||||
| CVE-2008-4921 | 1 Chipmunk Scripts | 1 Chipmunk Cms | 2017-09-29 | 7.5 HIGH | N/A |
| board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gain administrator privileges via a direct request. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4922 | 2 Djvu, Microsoft | 2 Activex Control For Microsoft Office 2000, Office | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) allows remote attackers to execute arbitrary code via a long (1) ImageURL property, and possibly the (2) Mode, (3) Page, or (4) Zoom properties. | |||||
| CVE-2008-4923 | 1 Mw6 Technologies | 1 Aztec Activex | 2017-09-29 | 9.0 HIGH | N/A |
| Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | |||||
| CVE-2008-4924 | 1 Mw6 Technologies | 1 1d Barcode Decoder Activex | 2017-09-29 | 9.0 HIGH | N/A |
| Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | |||||
| CVE-2008-4925 | 1 Mw6 Technologies | 1 Datamatrix Activex | 2017-09-29 | 9.0 HIGH | N/A |
| Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | |||||
| CVE-2008-4926 | 1 Mw6 Technologies | 1 Pdf417 Activex | 2017-09-29 | 9.0 HIGH | N/A |
| Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods. | |||||
| CVE-2008-4933 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.8 HIGH | N/A |
| Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. | |||||
| CVE-2008-4993 | 1 Xen | 1 Xen | 2017-09-29 | 6.9 MEDIUM | N/A |
| qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | |||||
