Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3558 | 1 Cisco | 1 Webex Meeting Manager | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method. | |||||
| CVE-2008-3564 | 1 Dayfox Designs | 1 Dayfox Blog | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-3567 | 1 Nullsoft | 1 Winamp | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | |||||
| CVE-2008-3570 | 1 Africabegone | 1 Africa Be Gone | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter. | |||||
| CVE-2008-3571 | 1 Xerox | 1 Phaser | 2017-09-29 | 7.8 HIGH | N/A |
| The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. | |||||
| CVE-2008-3578 | 1 Hydrairc | 1 Hydrairc | 2017-09-29 | 5.0 MEDIUM | N/A |
| HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI. | |||||
| CVE-2008-3580 | 1 Qsoft | 1 K-links | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/. | |||||
| CVE-2008-3581 | 1 Qsoft | 1 K-links | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action. | |||||
| CVE-2008-3583 | 1 Intellitamper | 1 Intellitamper | 2017-09-29 | 7.5 HIGH | N/A |
| Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected. | |||||
| CVE-2008-3585 | 1 Pozscripts | 1 Greencart Php Shopping Cart | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php. | |||||
| CVE-2008-3586 | 1 Joomla | 1 Com Ezstore | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2008-3588 | 1 Phsblog | 1 Phsblog | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php. | |||||
| CVE-2008-3589 | 1 Mozilo | 1 Mozilocms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter. | |||||
| CVE-2008-3591 | 1 21degrees | 1 Symphony | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php. | |||||
| CVE-2008-3592 | 1 21degrees | 1 Symphony | 2017-09-29 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/. | |||||
| CVE-2008-3593 | 1 Syzygycms | 1 Syzygycms | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-3594 | 1 Magicscripts | 2 E-store Kit-1, E-store Kit-2 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-3595 | 1 Txtsql | 1 Txtsql | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter. | |||||
| CVE-2008-3598 | 1 Psi-labs | 1 Psipuss | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php. | |||||
| CVE-2008-3599 | 1 Openimpro | 1 Openimpro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3601 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action. | |||||
| CVE-2008-3725 | 1 Yourfreeworld | 1 Ad Board Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3727 | 1 Microworld Technologies | 1 Mailscan | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-3732 | 1 Videolan | 1 Vlc Media Player | 2017-09-29 | 9.3 HIGH | N/A |
| Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3733 | 1 Eo-video | 1 Eo-video | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element. | |||||
| CVE-2008-3734 | 1 Ipswitch | 2 Ws Ftp Home, Ws Ftp Pro | 2017-09-29 | 9.3 HIGH | N/A |
| Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). | |||||
| CVE-2008-3748 | 1 Lbstone | 2 Active Php Bookmarks, Apb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3749 | 1 Yourfreeworld | 1 Banner Management Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3750 | 1 Yourfreeworld | 1 Url Rotator Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3751 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3755 | 1 Yourfreeworld | 1 Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-3756 | 1 Yourfreeworld | 1 Viral Marketing Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3757 | 1 Yourfreeworld | 1 Forced Matrix Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3761 | 1 Vmware | 1 Vmware Workstation | 2017-09-29 | 4.9 MEDIUM | N/A |
| hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request. | |||||
| CVE-2008-3765 | 1 Discountedscripts | 1 Quick Poll Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3767 | 1 Smartisoft | 1 Phpbazar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2008-3771 | 1 Pars4u | 1 Videosharing | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter. | |||||
| CVE-2008-3772 | 1 Pars4u | 1 Videosharing | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-3779 | 1 Review-script | 1 Five Star Review Script | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action. | |||||
| CVE-2008-3780 | 1 Review-script | 1 Five Star Review Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2008-3783 | 1 Matterdaddy | 1 Matterdaddy Market | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. | |||||
| CVE-2008-3785 | 1 Miacms | 1 Miacms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php. | |||||
| CVE-2008-3787 | 1 Nullscripts | 1 Web Directory Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-3788 | 1 Picturespro | 1 Picturespro Photo Cart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php. | |||||
| CVE-2008-3794 | 1 Videolan | 1 Vlc Media Player | 2017-09-29 | 6.8 MEDIUM | N/A |
| Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow. | |||||
| CVE-2008-3795 | 1 Ipswitch | 1 Ws Ftp Home | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." | |||||
| CVE-2008-3804 | 1 Cisco | 1 Ios | 2017-09-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. | |||||
| CVE-2008-3810 | 1 Cisco | 1 Ios | 2017-09-29 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811. | |||||
| CVE-2008-3811 | 1 Cisco | 1 Ios | 2017-09-29 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810. | |||||
| CVE-2008-3815 | 1 Cisco | 2 Asa 5500, Pix | 2017-09-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. | |||||