Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5320 | 1 E107 | 1 E107 | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter. | |||||
| CVE-2008-5321 | 2 Xoops, Xoops Hocasi | 2 Xoops, Gesgaleri | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter. | |||||
| CVE-2008-5322 | 1 Easy-script | 1 Wysi Wiki Wyg | 2017-09-29 | 7.8 HIGH | N/A |
| Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function. | |||||
| CVE-2008-5323 | 1 Easy-script | 1 Wysi Wiki Wyg | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2008-5332 | 1 Pie | 1 Pie | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others. | |||||
| CVE-2008-5333 | 1 Nitrotech | 1 Nitrotech | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5334 | 1 Nitrotech | 1 Nitrotech | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2008-5335 | 1 Php-fusion | 1 Php-fusion | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459. | |||||
| CVE-2008-5337 | 1 Multimania | 2 Bandsite Portal System, Bandwebsite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5338 | 1 Multimania | 2 Bandsite Portal System, Bandwebsite | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | |||||
| CVE-2008-5339 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. | |||||
| CVE-2008-5340 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | |||||
| CVE-2008-5341 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. | |||||
| CVE-2008-5342 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | |||||
| CVE-2008-5343 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 9.0 HIGH | N/A |
| Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. | |||||
| CVE-2008-5344 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. | |||||
| CVE-2008-5347 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | |||||
| CVE-2008-5348 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. | |||||
| CVE-2008-5350 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | |||||
| CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | |||||
| CVE-2008-5352 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 9.3 HIGH | N/A |
| Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. | |||||
| CVE-2008-5354 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | |||||
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 10.0 HIGH | N/A |
| The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | |||||
| CVE-2008-5356 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | |||||
| CVE-2008-5358 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 9.3 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | |||||
| CVE-2008-5377 | 1 Apple | 1 Cups | 2017-09-29 | 6.9 MEDIUM | N/A |
| pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | |||||
| CVE-2008-5383 | 1 National Instruments | 1 Electronics Workbench | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file. | |||||
| CVE-2008-5384 | 1 Ibm | 1 Aix | 2017-09-29 | 6.9 MEDIUM | N/A |
| crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | |||||
| CVE-2008-5387 | 1 Ibm | 1 Aix | 2017-09-29 | 6.2 MEDIUM | N/A |
| Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. | |||||
| CVE-2008-5405 | 1 Oxid | 1 Cain And Abel | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | |||||
| CVE-2008-5406 | 1 Apple | 2 Itunes, Quicktime | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | |||||
| CVE-2008-5410 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | |||||
| CVE-2008-5418 | 2 Justin Roy, Punbb | 2 Punportal Module, Punbb | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | |||||
| CVE-2008-5486 | 1 Turnkeyforms | 1 Text Link Sales | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5487 | 1 Turnkeyforms | 1 Text Link Sales | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2008-5488 | 1 E-topbiz | 1 Domain Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. | |||||
| CVE-2008-5489 | 1 Clip-share | 1 Clipshare | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. | |||||
| CVE-2008-5490 | 1 Phpstore | 1 Yahoo Answers | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5491 | 1 Slimcms | 1 Slimcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. | |||||
| CVE-2008-5492 | 1 Verypdf | 1 Verydoc Pdf Viewer | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5493 | 1 Phpstore | 2 Wholesale, Wholesales | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5494 | 2 Digitalgreys, Joomla | 2 Com Contactinfo, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-5496 | 1 Pozscripts | 1 Business Directory Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5497 | 1 Bandsitecms | 1 Bandsite Cms | 2017-09-29 | 7.5 HIGH | N/A |
| BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. | |||||
| CVE-2008-5504 | 1 Mozilla | 1 Firefox | 2017-09-29 | 7.5 HIGH | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | |||||
| CVE-2008-5559 | 1 Dazzlindonna | 1 Postecards | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2017-09-29 | 5.0 MEDIUM | N/A |
| PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | |||||
| CVE-2008-5561 | 1 Netref | 1 Netref | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php. | |||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||||
| CVE-2008-5565 | 1 Dinkumsoft | 1 Dl Paycart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | |||||
