Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3209 | 1 Blackice | 1 Black Ice Document Imaging Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3210 | 1 Resiprocate | 1 Resiprocate | 2017-09-29 | 5.0 MEDIUM | N/A |
| rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error. | |||||
| CVE-2008-3211 | 1 Scripteen | 1 Free Image Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1. | |||||
| CVE-2008-3213 | 1 Webcms | 1 Webcms Portal Edition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2017-09-29 | 6.5 MEDIUM | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
| CVE-2008-3237 | 1 Itechscripts | 1 Itechbids | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. | |||||
| CVE-2008-3238 | 1 Itechscripts | 1 Itechbids | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php. | |||||
| CVE-2008-3239 | 1 Phpizabi | 1 Phpizabi | 2017-09-29 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter. | |||||
| CVE-2008-3240 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action. | |||||
| CVE-2008-3241 | 1 Ultrastats | 1 Ultrastats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3242 | 1 Ppmate | 1 Ppmedia Class | 2017-09-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3245 | 1 Cable-modems | 1 Phphoo3 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. | |||||
| CVE-2008-3250 | 1 Arctictracker | 1 Arctic Issue Tracker | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | |||||
| CVE-2008-3251 | 1 Tpl Design | 1 Tplsoccersite | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. | |||||
| CVE-2008-3254 | 1 Precoc | 1 Precms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action. | |||||
| CVE-2008-3256 | 1 Siteframe | 2 Siteframe Beaumont, Siteframe Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3257 | 3 Bea, Bea Systems, Oracle | 4 Weblogic Server, Apache Connector In Weblogic Server, Weblogic Server and 1 more | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. | |||||
| CVE-2008-3265 | 1 Joomla | 1 Com Dtregister | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | |||||
| CVE-2008-3266 | 1 Softacid | 1 Hotel Reservation System Multi | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2008-3267 | 1 Mojoscripts | 1 Mojojobs | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | |||||
| CVE-2008-3269 | 1 Winsoftmagic | 2 Winremotepc Full, Winremotepc Lite | 2017-09-29 | 5.0 MEDIUM | N/A |
| WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321. | |||||
| CVE-2008-3270 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 2.6 LOW | N/A |
| yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. | |||||
| CVE-2008-3279 | 1 Mielke | 1 Brltty | 2017-09-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | |||||
| CVE-2008-3282 | 1 Openoffice | 1 Openoffice.org | 2017-09-29 | 9.3 HIGH | N/A |
| Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | |||||
| CVE-2008-3283 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2017-09-29 | 7.8 HIGH | N/A |
| Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. | |||||
| CVE-2008-3291 | 1 Aprox | 2 Aprox Cms Engine, Aproxengine | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3292 | 1 Ezwebalbum | 1 Ezwebalbum | 2017-09-29 | 6.4 MEDIUM | N/A |
| constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | |||||
| CVE-2008-3302 | 1 Tuxplanet | 1 Bilboblog | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter. | |||||
| CVE-2008-3303 | 1 Tuxplanet | 1 Bilboblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | |||||
| CVE-2008-3305 | 1 Carlos Desseno | 1 Youtube Blog | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | |||||
| CVE-2008-3307 | 1 Youtube Blog | 1 Youtube Blog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306. | |||||
| CVE-2008-3308 | 1 Carlos Desseno | 1 Youtube Blog | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter. | |||||
| CVE-2008-3309 | 1 Digiappz | 1 Digileave | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2008-3310 | 1 Preproject | 1 Pre Survey Poll | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-3317 | 1 Maian Script World | 1 Maian Search | 2017-09-29 | 7.5 HIGH | N/A |
| admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | |||||
| CVE-2008-3331 | 1 Mantis | 1 Mantis | 2017-09-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. | |||||
| CVE-2008-3332 | 1 Mantis | 1 Mantis | 2017-09-29 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. | |||||
| CVE-2008-3346 | 1 E-topbiz | 1 Shopcart Dx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-3351 | 1 Atomphotoblog | 1 Atomphotoblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action. | |||||
| CVE-2008-3352 | 1 Nersoft | 1 Live Music Plus | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action. | |||||
| CVE-2008-3355 | 1 Camera Life | 1 Camera Life | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. | |||||
| CVE-2008-3360 | 1 Intellitamper | 1 Intellitamper | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494. | |||||
| CVE-2008-3361 | 1 Intellitamper | 1 Intellitamper | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header. | |||||
| CVE-2008-3362 | 2 Giulio Ganci, Wordpress | 2 Wp Downloads Manager, Wp Downloads Manager | 2017-09-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/. | |||||
| CVE-2008-3364 | 1 Trend Micro | 1 Officescan | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3366 | 1 Pligg | 1 Pligg Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774. | |||||
| CVE-2008-3368 | 1 Atutor | 1 Atutor | 2017-09-29 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter. | |||||
| CVE-2008-3371 | 1 Talkback | 1 Talkback | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2008-3372 | 1 Greatclone | 1 Getacoder Clone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | |||||
| CVE-2008-3377 | 1 Brandon Tallent | 1 Phptest | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
