Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0283 | 1 Domphp | 1 Domphp | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2008-0287 | 1 Visionburst | 1 Vcart | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. | |||||
| CVE-2008-0290 | 1 Digitalhive | 1 Digitalhive | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. | |||||
| CVE-2008-0295 | 1 Videolan | 1 Vlc Media Player | 2017-09-29 | 8.5 HIGH | N/A |
| Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. | |||||
| CVE-2008-0296 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2017-09-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | |||||
| CVE-2008-0297 | 1 Keil Software | 1 Photokorn | 2017-09-29 | 5.0 MEDIUM | N/A |
| PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | |||||
| CVE-2008-0300 | 1 Mapbender | 1 Mapbender | 2017-09-29 | 6.8 MEDIUM | N/A |
| mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences. | |||||
| CVE-2008-0304 | 3 Linux, Microsoft, Mozilla | 4 Linux Kernel, Windows, Seamonkey and 1 more | 2017-09-29 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. | |||||
| CVE-2008-0310 | 1 Sco | 1 Unixware | 2017-09-29 | 6.9 MEDIUM | N/A |
| Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST. | |||||
| CVE-2008-0320 | 1 Openoffice | 1 Openoffice.org | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream. | |||||
| CVE-2008-0324 | 1 Cisco | 1 Vpn Client | 2017-09-29 | 4.9 MEDIUM | N/A |
| Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. | |||||
| CVE-2008-0325 | 1 Fascript | 1 Fapersian Petition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0326 | 1 Fascript | 1 Fapersianhack | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. | |||||
| CVE-2008-0327 | 1 Fascript | 1 Famp3 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0328 | 1 Fascript | 1 Faname | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0329 | 1 Julien Plesniak | 1 Lulieblog | 2017-09-29 | 5.0 MEDIUM | N/A |
| LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter. | |||||
| CVE-2008-0333 | 2 Afterlogic, Microsoft | 2 Mailbee Webmail Pro, Asp.net | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter. | |||||
| CVE-2008-0337 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2017-09-29 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI. | |||||
| CVE-2008-0338 | 1 Miniweb Http Server | 1 Miniweb Http Server | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. | |||||
| CVE-2008-0350 | 1 Evilsentinel | 1 Evilsentinel | 2017-09-29 | 7.5 HIGH | N/A |
| admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes. | |||||
| CVE-2008-0351 | 1 Evilsentinel | 1 Evilsentinel | 2017-09-29 | 5.0 MEDIUM | N/A |
| admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. | |||||
| CVE-2008-0352 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.8 HIGH | N/A |
| The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). | |||||
| CVE-2008-0353 | 1 Php-residence | 1 Php-residence | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0355 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866. | |||||
| CVE-2008-0357 | 1 Galaxyscripts | 1 Mini File Host | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2008-0358 | 1 Pixelpost | 1 Pixelpost | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. | |||||
| CVE-2008-0371 | 1 Alilg | 1 Alitalk | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0376 | 1 Softpedia | 1 Small Axe Weblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter. | |||||
| CVE-2008-0379 | 2 Businessobjects, Microsoft | 2 Crystal Reports Xi, Activex | 2017-09-29 | 9.3 HIGH | N/A |
| Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. | |||||
| CVE-2008-0380 | 1 Digital Data Communications | 1 Rtspvapgdecoder.dll | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. | |||||
| CVE-2008-0388 | 1 Wordpress | 1 Wp Forum | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. | |||||
| CVE-2008-0390 | 1 Auracms | 2 Auracms, Mod Block Statistik | 2017-09-29 | 7.5 HIGH | N/A |
| stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php. | |||||
| CVE-2008-0391 | 1 Alilg | 1 Alitalk | 2017-09-29 | 7.5 HIGH | N/A |
| inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | |||||
| CVE-2008-0392 | 1 Microsoft | 1 Visual Basic | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. | |||||
| CVE-2008-0393 | 1 Gradman | 1 Gradman | 2017-09-29 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361. | |||||
| CVE-2008-0394 | 1 Citadel | 1 Smtp | 2017-09-29 | 7.5 HIGH | N/A |
| Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. | |||||
| CVE-2008-0397 | 1 Aflog.org | 1 Aflog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php. | |||||
| CVE-2008-0398 | 1 Aflog | 1 Aflog | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form. | |||||
| CVE-2008-0399 | 1 Toshiba | 1 Surveillix | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods. | |||||
| CVE-2008-0421 | 1 Invision Power Services | 1 Invision Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. | |||||
| CVE-2008-0423 | 1 Lama | 1 Lama Software | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/. | |||||
| CVE-2008-0424 | 1 Mooseguy Blog System | 1 Mgbs | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. | |||||
| CVE-2008-0425 | 1 Frimousse | 1 Frimousse | 2017-09-29 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter. | |||||
| CVE-2008-0429 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | |||||
| CVE-2008-0430 | 1 360 Web Manager | 1 360 Web Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. | |||||
| CVE-2008-0431 | 1 Idmos | 1 Idmos Cms | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. | |||||
| CVE-2008-0435 | 1 Ozjournals | 1 Ozjournals | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action. | |||||
| CVE-2008-0437 | 2 Hp, Microsoft | 2 Virtual Rooms, Activex | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0440 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2017-09-29 | 5.0 MEDIUM | N/A |
| AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. | |||||
| CVE-2008-0443 | 1 Lycos | 1 Fileuploader.dll | 2017-09-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information. | |||||