Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3816 | 1 Cisco | 2 Adaptive Security Appliance 5500 Series, Pix Security Appliance | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet. | |||||
| CVE-2008-3817 | 1 Cisco | 2 Adaptive Security Appliance 5500 Series, Pix Security Appliance | 2017-09-29 | 7.8 HIGH | N/A |
| Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator." | |||||
| CVE-2008-3833 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210. | |||||
| CVE-2008-3834 | 1 Freedesktop | 3 Dbus, Dbus1.0, Dbus1.1.0 | 2017-09-29 | 2.1 LOW | N/A |
| The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | |||||
| CVE-2008-3835 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 7.5 HIGH | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | |||||
| CVE-2008-3848 | 1 Pdesigner | 1 Z-breaknews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3859 | 1 Davlin | 1 Thickbox Gallery | 2017-09-29 | 5.0 MEDIUM | N/A |
| Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php. | |||||
| CVE-2008-3861 | 1 Phpmyrealty | 1 Phpmyrealty | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php. | |||||
| CVE-2008-3875 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.2 HIGH | N/A |
| The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls. | |||||
| CVE-2008-3877 | 1 Acoustica | 1 Mixcraft | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. NOTE: it was later reported that version 3 is also affected. | |||||
| CVE-2008-3878 | 1 Ultrashareware | 1 Ultra Office Control | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method. | |||||
| CVE-2008-3879 | 1 Ultrashareware | 1 Ultra Office Control | 2017-09-29 | 9.3 HIGH | N/A |
| The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method. | |||||
| CVE-2008-3923 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action. | |||||
| CVE-2008-3924 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19. | |||||
| CVE-2008-3925 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action. | |||||
| CVE-2008-3926 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php. | |||||
| CVE-2008-3943 | 1 Ezonescripts | 1 Living Local | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2008-3944 | 1 Discountedscripts | 1 Acg Ptp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action. | |||||
| CVE-2008-3945 | 1 Source Workshop | 1 Words Tag Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action. | |||||
| CVE-2008-3951 | 1 Vastal | 1 Agent Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. | |||||
| CVE-2008-3952 | 1 Editeurscripts Esfaq | 1 2.0 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | |||||
| CVE-2008-3953 | 1 Vastal | 1 Shaadi Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter. | |||||
| CVE-2008-3955 | 1 Masir Camp | 1 E-shop Module | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page. | |||||
| CVE-2008-4018 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805. | |||||
| CVE-2008-4039 | 1 Spice Classifieds | 1 Spice Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. | |||||
| CVE-2008-4043 | 1 Aj Square | 1 Aj Hyip | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. | |||||
| CVE-2008-4044 | 1 Aj Square | 1 Aj Hyip | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter. | |||||
| CVE-2008-4048 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2017-09-29 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method. | |||||
| CVE-2008-4049 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2017-09-29 | 6.8 MEDIUM | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. | |||||
| CVE-2008-4050 | 1 Friendly Technologies | 1 Friendly Pppoe Client | 2017-09-29 | 9.3 HIGH | N/A |
| A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. | |||||
| CVE-2008-4054 | 1 Kolifa | 1 Download Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4059 | 1 Mozilla | 1 Firefox | 2017-09-29 | 7.5 HIGH | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. | |||||
| CVE-2008-4060 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. | |||||
| CVE-2008-4063 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. | |||||
| CVE-2008-4064 | 1 Mozilla | 1 Firefox | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. | |||||
| CVE-2008-4066 | 1 Mozilla | 1 Firefox | 2017-09-29 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug." | |||||
| CVE-2008-4069 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-29 | 5.0 MEDIUM | N/A |
| The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. | |||||
| CVE-2008-4070 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2017-09-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | |||||
| CVE-2008-4073 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. | |||||
| CVE-2008-4074 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
| CVE-2008-4075 | 1 Dino | 1 D-iscussion Board | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. | |||||
| CVE-2008-4081 | 1 Stash | 1 Stash | 2017-09-29 | 7.5 HIGH | N/A |
| admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. | |||||
| CVE-2008-4082 | 1 Brim-project | 1 Brim | 2017-09-29 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. | |||||
| CVE-2008-4083 | 1 Brim-project | 1 Brim | 2017-09-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4084 | 1 Myiosoft | 1 Easyclassifields | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. | |||||
| CVE-2008-4086 | 1 Source Workshop | 1 Reciprocal Links Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | |||||
| CVE-2008-4087 | 1 Acoustica | 1 Beatcraft | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field. | |||||
| CVE-2008-4088 | 1 Myphpnuke | 1 Myphpnuke | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2008-4089 | 1 Myphpnuke | 1 Myphpnuke | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2008-4090 | 1 Couponscript | 1 Coupon Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672. | |||||