Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5358 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 9.3 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | |||||
| CVE-2008-5377 | 1 Apple | 1 Cups | 2017-09-29 | 6.9 MEDIUM | N/A |
| pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | |||||
| CVE-2008-5383 | 1 National Instruments | 1 Electronics Workbench | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file. | |||||
| CVE-2008-5384 | 1 Ibm | 1 Aix | 2017-09-29 | 6.9 MEDIUM | N/A |
| crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | |||||
| CVE-2008-5387 | 1 Ibm | 1 Aix | 2017-09-29 | 6.2 MEDIUM | N/A |
| Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors. | |||||
| CVE-2008-5405 | 1 Oxid | 1 Cain And Abel | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string. | |||||
| CVE-2008-5406 | 1 Apple | 2 Itunes, Quicktime | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | |||||
| CVE-2008-5410 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | |||||
| CVE-2008-5418 | 2 Justin Roy, Punbb | 2 Punportal Module, Punbb | 2017-09-29 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter. | |||||
| CVE-2008-5486 | 1 Turnkeyforms | 1 Text Link Sales | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5487 | 1 Turnkeyforms | 1 Text Link Sales | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2008-5488 | 1 E-topbiz | 1 Domain Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. | |||||
| CVE-2008-5489 | 1 Clip-share | 1 Clipshare | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter. | |||||
| CVE-2008-5490 | 1 Phpstore | 1 Yahoo Answers | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5491 | 1 Slimcms | 1 Slimcms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. | |||||
| CVE-2008-5492 | 1 Verypdf | 1 Verydoc Pdf Viewer | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5493 | 1 Phpstore | 2 Wholesale, Wholesales | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5494 | 2 Digitalgreys, Joomla | 2 Com Contactinfo, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-5496 | 1 Pozscripts | 1 Business Directory Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5497 | 1 Bandsitecms | 1 Bandsite Cms | 2017-09-29 | 7.5 HIGH | N/A |
| BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true. | |||||
| CVE-2008-5504 | 1 Mozilla | 1 Firefox | 2017-09-29 | 7.5 HIGH | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | |||||
| CVE-2008-5559 | 1 Dazzlindonna | 1 Postecards | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5560 | 1 Dazzlindonna | 1 Postecards | 2017-09-29 | 5.0 MEDIUM | N/A |
| PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb. | |||||
| CVE-2008-5561 | 1 Netref | 1 Netref | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php. | |||||
| CVE-2008-5562 | 1 Aspapps | 1 Aspportal | 2017-09-29 | 5.0 MEDIUM | N/A |
| ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb. | |||||
| CVE-2008-5565 | 1 Dinkumsoft | 1 Dl Paycart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | |||||
| CVE-2008-5566 | 1 Phpmultiplenewsletters | 1 Phpmultiplenewsletters | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2008-5567 | 1 Bonzacart | 1 Bonza Cart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters. | |||||
| CVE-2008-5568 | 1 Ipn-mate | 1 Ipn Pro 3 | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters. | |||||
| CVE-2008-5570 | 1 Php Multiple Newsletters | 1 Php Multiple Newsletters | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2008-5571 | 1 Dotnetindex | 1 Professional Download Assistant | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5572 | 1 Dotnetindex | 1 Professional Download Assistant | 2017-09-29 | 5.0 MEDIUM | N/A |
| Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb. | |||||
| CVE-2008-5573 | 1 Adcomplete | 1 Poll Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters. | |||||
| CVE-2008-5574 | 1 Unscripts | 1 Webmaster Marketplace | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||||
| CVE-2008-5576 | 1 Scssboard | 1 Scssboard | 2017-09-29 | 7.5 HIGH | N/A |
| admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter. | |||||
| CVE-2008-5577 | 1 Scssboard | 1 Scssboard | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter. | |||||
| CVE-2008-5578 | 1 Scssboard | 1 Scssboard | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values. | |||||
| CVE-2008-5582 | 1 Nukedit | 1 Nukedit | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter. | |||||
| CVE-2008-5585 | 1 Lcxbbportal | 1 Lcxbbportal | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php. | |||||
| CVE-2008-5586 | 1 Check Up | 1 Check New | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2008-5587 | 1 Phppgadmin | 1 Phppgadmin | 2017-09-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php. | |||||
| CVE-2008-5588 | 1 Katywhitton | 1 Rankem | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter. | |||||
| CVE-2008-5589 | 1 Katywhitton | 1 Rankem | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5590 | 1 Kalptaru Infotech | 1 Product Sale Framework | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter. | |||||
| CVE-2008-5591 | 1 Iwrite | 1 Nightfall Personal Diary | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5592 | 1 Iwrite | 1 Nightfall Personal Diary | 2017-09-29 | 5.0 MEDIUM | N/A |
| Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb. | |||||
| CVE-2008-5593 | 1 Bpowerhouse | 1 Mini Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters. | |||||
| CVE-2008-5594 | 1 Bpowerhouse | 1 Mini Blog | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters. | |||||
| CVE-2008-5595 | 1 Aspapps | 1 Asp Autodealer | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-5596 | 1 Dotnetindex | 1 Ikon Admanager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | |||||