Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3378 | 1 Fizzmedia Negativekarma | 1 Fizzmedia | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2008-3382 | 1 Mojoscripts | 1 Mojoclassifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | |||||
| CVE-2008-3383 | 1 Mojoscripts | 1 Mojoauto | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action. | |||||
| CVE-2008-3385 | 1 Linuxwebshop | 1 Php Help Agent | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-3386 | 1 Alstrasoft | 1 Video Share Enterprise | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. | |||||
| CVE-2008-3387 | 1 Phpfootball | 1 Phpfootball | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. | |||||
| CVE-2008-3403 | 1 Mojoscripts | 1 Mojopersonals | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-3405 | 1 Nazgulled | 1 Nzfotolog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter. | |||||
| CVE-2008-3406 | 1 Phplinkat | 1 Phplinkat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2017-09-29 | 5.0 MEDIUM | N/A |
| phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie. | |||||
| CVE-2008-3408 | 1 Coolplayer | 1 Coolplayer | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file. | |||||
| CVE-2008-3412 | 1 Ecshop | 1 Epshop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI. | |||||
| CVE-2008-3413 | 1 Greatclone | 1 Auction Platinum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | |||||
| CVE-2008-3414 | 1 Siteadmin | 1 Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter. | |||||
| CVE-2008-3415 | 1 Cmscout | 1 Cmscout | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences. | |||||
| CVE-2008-3416 | 1 Icebb | 1 Icebb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | |||||
| CVE-2008-3417 | 1 Fipsasp | 1 Fipscms Light | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561. | |||||
| CVE-2008-3418 | 1 Willo | 1 Trio | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3419 | 1 Greatclone | 1 Youtuber Clone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter. | |||||
| CVE-2008-3420 | 1 Willo | 1 Mobius Web Publishing Software | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php. | |||||
| CVE-2008-3434 | 1 Apple | 1 Itunes | 2017-09-29 | 7.5 HIGH | N/A |
| Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3445 | 1 Phpmyrealty | 1 Phpmyrealty | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter. | |||||
| CVE-2008-3446 | 1 Letterit | 1 Letterit | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2008-3447 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2017-09-29 | 5.0 MEDIUM | N/A |
| The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets. | |||||
| CVE-2008-3452 | 1 Endonesia | 2 Calendar Module, Endonesia | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php. | |||||
| CVE-2008-3454 | 1 Jnshosts | 1 Php Hosting Directory | 2017-09-29 | 7.5 HIGH | N/A |
| JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the "adm" cookie value to 1. | |||||
| CVE-2008-3455 | 1 Jnshosts | 1 Php Hosting Directory | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter. | |||||
| CVE-2008-3481 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2008-3484 | 1 Estoreaff | 1 Estoreaff | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php. | |||||
| CVE-2008-3486 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the user_get_profile function in include/functions.inc.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier, when the charset is utf-8, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang part of serialized data in an _data cookie. | |||||
| CVE-2008-3487 | 1 Phpauctions | 1 Phpauction Gpl Enhanced | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3489 | 1 Phpx | 1 Phpx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie. | |||||
| CVE-2008-3490 | 1 E-topbiz | 1 Online Dating | 2017-09-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action. | |||||
| CVE-2008-3491 | 1 Scripts24 | 2 Ipost, Itgp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action. | |||||
| CVE-2008-3493 | 1 Realvnc | 1 Realvnc Windows Client | 2017-09-29 | 5.0 MEDIUM | N/A |
| vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet. | |||||
| CVE-2008-3497 | 1 Myphp Cms | 1 Myphp Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-3498 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3505 | 1 Polypager | 1 Polypager | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI. | |||||
| CVE-2008-3506 | 1 Polypager | 1 Polypager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI. | |||||
| CVE-2008-3507 | 1 Wogan May | 1 Litenews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. | |||||
| CVE-2008-3508 | 1 Wogan May | 1 Litenews | 2017-09-29 | 5.0 MEDIUM | N/A |
| LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie. | |||||
| CVE-2008-3509 | 1 Lovecms | 1 Lovecms | 2017-09-29 | 7.5 HIGH | N/A |
| LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors. | |||||
| CVE-2008-3520 | 1 Jasper Project | 1 Jasper | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. | |||||
| CVE-2008-3525 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.2 HIGH | N/A |
| The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions. | |||||
| CVE-2008-3527 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.6 MEDIUM | N/A |
| arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions. | |||||
| CVE-2008-3532 | 1 Pidgin | 1 Pidgin | 2017-09-29 | 6.8 MEDIUM | N/A |
| The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. | |||||
| CVE-2008-3549 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors. | |||||
| CVE-2008-3554 | 1 Comsenz | 1 Discuz | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action. | |||||
| CVE-2008-3555 | 1 Wsn | 4 Forum, Gallery, Knowledge Base and 1 more | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences. | |||||
| CVE-2008-3557 | 1 Fhm-script | 1 Free Hosting Manager | 2017-09-29 | 7.5 HIGH | N/A |
| Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies. | |||||