Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5640 | 1 Activewebsoftwares | 1 Active Bids | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2008-5641 | 1 Activewebsoftwares | 1 Active Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2008-5642 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie. | |||||
| CVE-2008-5643 | 2 Joomla, Mambo | 3 Com Books, Joomla, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. | |||||
| CVE-2008-5649 | 1 Alstrasoft | 1 Article Manager Pro | 2017-09-29 | 10.0 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-5650 | 1 Alstrasoft | 1 Webhost Directory | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter. | |||||
| CVE-2008-5652 | 1 Myiosoft | 1 Easybookmarker | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5663 | 1 Kusaba | 1 Kusaba | 2017-09-29 | 9.0 HIGH | N/A |
| Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory. | |||||
| CVE-2008-5664 | 1 Realtek | 1 Realtek Media Player | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file. | |||||
| CVE-2008-5665 | 1 Xoops | 1 Xoops | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter. | |||||
| CVE-2008-5666 | 1 Wftpserver | 1 Winftp Ftp Server | 2017-09-29 | 3.5 LOW | N/A |
| WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command. | |||||
| CVE-2008-5667 | 1 Virusblokada | 1 Vba32 Personal Antivirus | 2017-09-29 | 5.0 MEDIUM | N/A |
| The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x allows remote attackers to cause a denial of service (memory corruption and application crash) via a malformed RAR archive. | |||||
| CVE-2008-5677 | 1 Kwalbum | 1 Kwalbum | 2017-09-29 | 7.1 HIGH | N/A |
| Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5678 | 1 Fdgroup | 1 Olib7 Webview | 2017-09-29 | 4.0 MEDIUM | N/A |
| Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files. | |||||
| CVE-2008-5684 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session). | |||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 2.1 LOW | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
| CVE-2008-5691 | 1 Phonecian Casino | 1 Flashax | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method. | |||||
| CVE-2008-5697 | 2 Mozilla, Skype | 2 Firefox, Skype Extension For Firefox | 2017-09-29 | 4.3 MEDIUM | N/A |
| The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument. | |||||
| CVE-2008-5698 | 1 Kde | 2 Kde, Konqueror | 2017-09-29 | 4.3 MEDIUM | N/A |
| HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5705 | 1 Verlihub-project | 1 Verlihub | 2017-09-29 | 9.3 HIGH | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument. | |||||
| CVE-2008-5706 | 1 Verlihub-project | 1 Verlihub | 2017-09-29 | 6.9 MEDIUM | N/A |
| The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file. | |||||
| CVE-2008-5708 | 1 Slimcms | 1 Slimcms | 2017-09-29 | 7.5 HIGH | N/A |
| redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1. | |||||
| CVE-2008-5711 | 1 Facebook | 1 Photouploader | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value. | |||||
| CVE-2008-5712 | 1 Kde | 1 Konqueror | 2017-09-29 | 5.0 MEDIUM | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. | |||||
| CVE-2008-5722 | 1 Sawstudio | 1 Sawstudio | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file. | |||||
| CVE-2008-5725 | 1 Entechtaiwan | 1 Powerstrip | 2017-09-29 | 7.2 HIGH | N/A |
| The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory. | |||||
| CVE-2008-5726 | 1 Stormboards Aaronnemisis | 1 Stormboards | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5727 | 1 Netcat | 1 Netcat | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string. | |||||
| CVE-2008-5728 | 1 Netcat | 1 Netcat | 2017-09-29 | 5.1 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/. | |||||
| CVE-2008-5729 | 1 Netcat | 1 Netcat | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php. | |||||
| CVE-2008-5730 | 1 Netcat | 1 Netcat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file. | |||||
| CVE-2008-5732 | 1 Kafooeyblog | 1 Kafooeyblog | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||||
| CVE-2008-5737 | 1 Nodstrum | 1 Mysql Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-5738 | 1 Nodstrum | 1 Mysql Calendar | 2017-09-29 | 7.5 HIGH | N/A |
| Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5739 | 1 Pligg | 1 Pligg Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. | |||||
| CVE-2008-5742 | 1 Netcat | 1 Netcat | 2017-09-29 | 4.0 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure. | |||||
| CVE-2008-5748 | 1 Bloofox | 1 Bloofoxcms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | |||||
| CVE-2008-5751 | 1 Alstrasoft | 1 Web Email Script Enterprise | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action. | |||||
| CVE-2008-5752 | 1 Wordpress | 2 Page Flip Image Gallery Plugin, Wordpress | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5753 | 1 Bpftp | 1 Bulletproof Ftp Client | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar. | |||||
| CVE-2008-5754 | 1 Bpftp | 1 Bulletproof Ftp Client | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753. | |||||
| CVE-2008-5755 | 1 Intellitamper | 1 Intellitamper | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494. | |||||
| CVE-2008-5756 | 1 Bpsoft | 1 Hex Workshop | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file. | |||||
| CVE-2008-5761 | 1 Flatnux | 1 Flatnux | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element. | |||||
| CVE-2008-5762 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2017-09-29 | 5.0 MEDIUM | N/A |
| Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | |||||
| CVE-2008-5763 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter. | |||||
| CVE-2008-5764 | 1 2500mhz | 1 Worksimple | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2008-5765 | 1 2500mhz | 1 Worksimple | 2017-09-29 | 5.0 MEDIUM | N/A |
| WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | |||||
| CVE-2008-5766 | 1 Fascript | 1 Faupload | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5767 | 1 Gazatem | 1 Gnews Publisher | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter. | |||||