Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2228 | 1 Cyberfolio | 1 Cyberfolio | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter. | |||||
| CVE-2008-2237 | 1 Openoffice | 1 Openoffice.org | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document. | |||||
| CVE-2008-2238 | 1 Openoffice | 1 Openoffice.org | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow. | |||||
| CVE-2008-2244 | 1 Microsoft | 1 Office Word | 2017-09-29 | 9.3 HIGH | N/A |
| Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. | |||||
| CVE-2008-2263 | 1 Cmsnx | 1 Automated Link Exchange Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc. | |||||
| CVE-2008-2265 | 1 Emophp | 1 Emo Realty Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter. | |||||
| CVE-2008-2267 | 1 Cms Made Simple | 1 Cms Made Simple | 2017-09-29 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/. | |||||
| CVE-2008-2270 | 1 Phpway | 1 Kostenloses Linkmanagementscript | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php. | |||||
| CVE-2008-2276 | 1 Matisbt | 1 Mantis | 2017-09-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in manage_user_create.php in Mantis 1.1.1 allows remote attackers to create new administrative users via a crafted link. | |||||
| CVE-2008-2277 | 1 Cmsnx | 1 Feedback And Rating Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||||
| CVE-2008-2278 | 1 Freelanceauction | 1 Freelance Auction Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action. | |||||
| CVE-2008-2279 | 1 Freelance Auction | 1 Freelance Auction Script | 2017-09-29 | 5.0 MEDIUM | N/A |
| Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table. | |||||
| CVE-2008-2282 | 1 Thomas Voecking | 1 Internet Photoshow | 2017-09-29 | 7.5 HIGH | N/A |
| admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true. | |||||
| CVE-2008-2283 | 1 Idautomation | 4 Aztec Barcode, Datamatrix Barcode, Linear Barcode and 1 more | 2017-09-29 | 9.3 HIGH | N/A |
| IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1 ActiveX control in IDAutomationDMATRIX6.DLL (aka IDautomation Datamatrix Barcode) 1.6.0.6, (c) the IDAuto.PDF417.1 ActiveX control in IDAutomationPDF417_6.dll (aka IDautomation PDF417 Barcode) 1.6.0.6, and (d) the IDAuto.Aztec.1 ActiveX control in IDAutomationAZTEC.dll (aka IDautomation Aztec Barcode) 1.7.1.0. | |||||
| CVE-2008-2292 | 1 Net-snmp | 1 Net-snmp | 2017-09-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). | |||||
| CVE-2008-2293 | 1 Tpvgames | 1 Mpcs | 2017-09-29 | 7.5 HIGH | N/A |
| admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1. | |||||
| CVE-2008-2294 | 1 Mreaves | 1 Pet Grooming Management System | 2017-09-29 | 7.5 HIGH | N/A |
| Pet Grooming Management System 2.0 allows remote attackers to gain privileges via a direct request to useradded.php with a modified user name for "admin." | |||||
| CVE-2008-2295 | 1 Rgboard | 1 Rgboard | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard 3.0.12, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the s_text parameter and other unspecified vectors. | |||||
| CVE-2008-2296 | 1 Rgboard | 1 Rgboard | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. | |||||
| CVE-2008-2297 | 1 Roticv | 1 Rantx | 2017-09-29 | 7.5 HIGH | N/A |
| The admin.php file in Rantx allows remote attackers to bypass authentication and gain privileges by setting the logininfo cookie to "<?php" or "?>", which is present in the password file and probably passes an insufficient comparison. | |||||
| CVE-2008-2298 | 1 Sourceforge | 1 Web Slider | 2017-09-29 | 7.5 HIGH | N/A |
| Admin.php in Web Slider 0.6 allows remote attackers to bypass authentication and gain privileges by setting the admin cookie to 1. | |||||
| CVE-2008-2335 | 1 Vastal | 1 Phpvid | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected. | |||||
| CVE-2008-2336 | 1 68 Classifieds | 1 68 Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2337 | 1 Imgallery | 1 Imgallery | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php, different vectors than CVE-2006-3163. | |||||
| CVE-2008-2338 | 1 Interspire | 1 Activekb | 2017-09-29 | 7.5 HIGH | N/A |
| Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin. | |||||
| CVE-2008-2340 | 1 News Manager | 1 News Manager | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php. | |||||
| CVE-2008-2341 | 1 Avalonnet | 1 News Manager | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. | |||||
| CVE-2008-2342 | 1 News Manager | 1 News Manager | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in attachments.php in News Manager 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. | |||||
| CVE-2008-2343 | 1 News Manager | 1 News Manager | 2017-09-29 | 7.5 HIGH | N/A |
| News Manager 2.0 allows remote attackers to bypass restrictions and obtain sensitive information via a direct request to (1) db/connect_str.php and (2) login/info.php. | |||||
| CVE-2008-2346 | 1 Alkalinephp | 1 Alkalinephp | 2017-09-29 | 7.5 HIGH | N/A |
| AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php. | |||||
| CVE-2008-2347 | 1 Mypicgallery | 1 Mypicgallery | 2017-09-29 | 7.5 HIGH | N/A |
| MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php. | |||||
| CVE-2008-2348 | 1 Meltingicefs | 1 Meltingice File System | 2017-09-29 | 7.5 HIGH | N/A |
| MeltingIce File System 1.0 allows remote attackers to bypass application authentication, create new user accounts, and exceed application quotas via a direct request to admin/adduser.php. | |||||
| CVE-2008-2349 | 1 Zomp | 1 Zomplog | 2017-09-29 | 7.5 HIGH | N/A |
| Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1. | |||||
| CVE-2008-2351 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters. | |||||
| CVE-2008-2353 | 1 Gnugallery | 1 Gnugallery | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. | |||||
| CVE-2008-2355 | 1 Wr-script | 1 Wr-meeting | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in WR-Meeting 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the msnum parameter in a coment event. | |||||
| CVE-2008-2356 | 1 Archangelmgt | 1 Archangel Weblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | |||||
| CVE-2008-2358 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 7.2 HIGH | N/A |
| Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow. | |||||
| CVE-2008-2366 | 2 Openoffice, Redhat | 2 Openoffice, Enterprise Linux | 2017-09-29 | 4.4 MEDIUM | N/A |
| Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | |||||
| CVE-2008-2372 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of "useless newly zeroed pages." | |||||
| CVE-2008-2374 | 1 Bluez | 2 Bluez Libs, Bluez Utils | 2017-09-29 | 7.5 HIGH | N/A |
| src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read. | |||||
| CVE-2008-2379 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. | |||||
| CVE-2008-2390 | 1 Hp | 1 Software Update | 2017-09-29 | 6.8 MEDIUM | N/A |
| Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument. | |||||
| CVE-2008-2393 | 1 Entertainmentscript | 1 Entertainmentscript | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2394 | 1 Tagworx | 1 Tagworx Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php. | |||||
| CVE-2008-2395 | 1 Alkalinephp | 1 Alkalinephp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2396 | 1 Wajox Software | 1 Mircrossys Cms | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter. | |||||
| CVE-2008-2416 | 1 Fichive | 1 Fichive | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php. | |||||
| CVE-2008-2417 | 1 How2asp | 1 Webboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter. | |||||
| CVE-2008-2418 | 1 Sun | 1 Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Race condition in the STREAMS Administrative Driver (sad) in Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | |||||
