Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3148 | 2 Mackt, Ollydbg | 2 Imprec, Ollydbg | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f allows user-assisted attackers to execute arbitrary code via a crafted DLL file that contains a long string. | |||||
| CVE-2008-3150 | 1 Neutrino-cms | 1 Atomic Edition | 2017-09-29 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php. | |||||
| CVE-2008-3152 | 1 Orbitscripts | 2 Smartppc, Smartppc Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter. | |||||
| CVE-2008-3153 | 1 Tritoncms | 1 Triton Cms Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||||
| CVE-2008-3154 | 1 Webblizzard | 1 Content Management System | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-3155 | 1 Panda | 1 Panda Activescan | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method. | |||||
| CVE-2008-3156 | 1 Panda | 1 Panda Activescan | 2017-09-29 | 9.3 HIGH | N/A |
| The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method. | |||||
| CVE-2008-3164 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 7.6 HIGH | N/A |
| Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected. | |||||
| CVE-2008-3165 | 1 Fuzzylime | 1 Fuzzylime Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805. | |||||
| CVE-2008-3166 | 1 Boonex | 1 Ray | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter. | |||||
| CVE-2008-3167 | 1 Boonex | 1 Dolphin | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin. | |||||
| CVE-2008-3178 | 1 Webxell | 1 Webxell Editor | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/. | |||||
| CVE-2008-3179 | 1 W2b | 1 Phpdatingclub | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | |||||
| CVE-2008-3180 | 1 Cwh Underground | 1 Contentnow Cms | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO. | |||||
| CVE-2008-3181 | 1 Content Now | 1 Content Now | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload.php in ContentNow CMS 1.4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/. | |||||
| CVE-2008-3182 | 1 Speedbit | 1 Download Accelerator Plus | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL. | |||||
| CVE-2008-3190 | 1 1scripts | 1 Codedb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2008-3191 | 1 Marcioforum | 1 Mforum | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action. | |||||
| CVE-2008-3192 | 1 Sclek | 1 Jsite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||||
| CVE-2008-3193 | 1 Sclek | 1 Jsite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI. | |||||
| CVE-2008-3194 | 1 Pluck | 1 Pluck | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter. | |||||
| CVE-2008-3195 | 1 Twiki | 1 Twiki | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors. | |||||
| CVE-2008-3200 | 1 Easy-script | 1 Avlc Forum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action. | |||||
| CVE-2008-3204 | 1 E-topbiz | 1 Million Pixels | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | |||||
| CVE-2008-3205 | 1 Easy-script | 1 Wysi Wiki Wyg | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. | |||||
| CVE-2008-3207 | 1 Pragyan | 1 Praygan Cms | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter. | |||||
| CVE-2008-3209 | 1 Blackice | 1 Black Ice Document Imaging Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3210 | 1 Resiprocate | 1 Resiprocate | 2017-09-29 | 5.0 MEDIUM | N/A |
| rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error. | |||||
| CVE-2008-3211 | 1 Scripteen | 1 Free Image Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote attackers to bypass authentication and gain administrative access by setting the cookid cookie value to 1. | |||||
| CVE-2008-3213 | 1 Webcms | 1 Webcms Portal Edition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3234 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2017-09-29 | 6.5 MEDIUM | N/A |
| sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username. | |||||
| CVE-2008-3237 | 1 Itechscripts | 1 Itechbids | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter. | |||||
| CVE-2008-3238 | 1 Itechscripts | 1 Itechbids | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php. | |||||
| CVE-2008-3239 | 1 Phpizabi | 1 Phpizabi | 2017-09-29 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter. | |||||
| CVE-2008-3240 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action. | |||||
| CVE-2008-3241 | 1 Ultrastats | 1 Ultrastats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3242 | 1 Ppmate | 1 Ppmedia Class | 2017-09-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3245 | 1 Cable-modems | 1 Phphoo3 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. | |||||
| CVE-2008-3250 | 1 Arctictracker | 1 Arctic Issue Tracker | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | |||||
| CVE-2008-3251 | 1 Tpl Design | 1 Tplsoccersite | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. | |||||
| CVE-2008-3254 | 1 Precoc | 1 Precms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action. | |||||
| CVE-2008-3256 | 1 Siteframe | 2 Siteframe Beaumont, Siteframe Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3257 | 3 Bea, Bea Systems, Oracle | 4 Weblogic Server, Apache Connector In Weblogic Server, Weblogic Server and 1 more | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request. | |||||
| CVE-2008-3265 | 1 Joomla | 1 Com Dtregister | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | |||||
| CVE-2008-3266 | 1 Softacid | 1 Hotel Reservation System Multi | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2008-3267 | 1 Mojoscripts | 1 Mojojobs | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | |||||
| CVE-2008-3269 | 1 Winsoftmagic | 2 Winremotepc Full, Winremotepc Lite | 2017-09-29 | 5.0 MEDIUM | N/A |
| WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321. | |||||
| CVE-2008-3270 | 1 Redhat | 1 Enterprise Linux | 2017-09-29 | 2.6 LOW | N/A |
| yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested. | |||||
| CVE-2008-3279 | 1 Mielke | 1 Brltty | 2017-09-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting. | |||||
| CVE-2008-3282 | 1 Openoffice | 1 Openoffice.org | 2017-09-29 | 9.3 HIGH | N/A |
| Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152. | |||||