Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3283 | 2 Fedora, Redhat | 2 Directory Server, Directory Server | 2017-09-29 | 7.8 HIGH | N/A |
| Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests. | |||||
| CVE-2008-3291 | 1 Aprox | 2 Aprox Cms Engine, Aproxengine | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3292 | 1 Ezwebalbum | 1 Ezwebalbum | 2017-09-29 | 6.4 MEDIUM | N/A |
| constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | |||||
| CVE-2008-3302 | 1 Tuxplanet | 1 Bilboblog | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter. | |||||
| CVE-2008-3303 | 1 Tuxplanet | 1 Bilboblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | |||||
| CVE-2008-3305 | 1 Carlos Desseno | 1 Youtube Blog | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | |||||
| CVE-2008-3307 | 1 Youtube Blog | 1 Youtube Blog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306. | |||||
| CVE-2008-3308 | 1 Carlos Desseno | 1 Youtube Blog | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter. | |||||
| CVE-2008-3309 | 1 Digiappz | 1 Digileave | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2008-3310 | 1 Preproject | 1 Pre Survey Poll | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-3317 | 1 Maian Script World | 1 Maian Search | 2017-09-29 | 7.5 HIGH | N/A |
| admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | |||||
| CVE-2008-3331 | 1 Mantis | 1 Mantis | 2017-09-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. | |||||
| CVE-2008-3332 | 1 Mantis | 1 Mantis | 2017-09-29 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. | |||||
| CVE-2008-3346 | 1 E-topbiz | 1 Shopcart Dx | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-3351 | 1 Atomphotoblog | 1 Atomphotoblog | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action. | |||||
| CVE-2008-3352 | 1 Nersoft | 1 Live Music Plus | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action. | |||||
| CVE-2008-3355 | 1 Camera Life | 1 Camera Life | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. | |||||
| CVE-2008-3360 | 1 Intellitamper | 1 Intellitamper | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494. | |||||
| CVE-2008-3361 | 1 Intellitamper | 1 Intellitamper | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header. | |||||
| CVE-2008-3362 | 2 Giulio Ganci, Wordpress | 2 Wp Downloads Manager, Wp Downloads Manager | 2017-09-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/. | |||||
| CVE-2008-3364 | 1 Trend Micro | 1 Officescan | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3366 | 1 Pligg | 1 Pligg Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774. | |||||
| CVE-2008-3368 | 1 Atutor | 1 Atutor | 2017-09-29 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter. | |||||
| CVE-2008-3371 | 1 Talkback | 1 Talkback | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||||
| CVE-2008-3372 | 1 Greatclone | 1 Getacoder Clone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | |||||
| CVE-2008-3377 | 1 Brandon Tallent | 1 Phptest | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
| CVE-2008-3378 | 1 Fizzmedia Negativekarma | 1 Fizzmedia | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2008-3382 | 1 Mojoscripts | 1 Mojoclassifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | |||||
| CVE-2008-3383 | 1 Mojoscripts | 1 Mojoauto | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action. | |||||
| CVE-2008-3385 | 1 Linuxwebshop | 1 Php Help Agent | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | |||||
| CVE-2008-3386 | 1 Alstrasoft | 1 Video Share Enterprise | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. | |||||
| CVE-2008-3387 | 1 Phpfootball | 1 Phpfootball | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. | |||||
| CVE-2008-3403 | 1 Mojoscripts | 1 Mojopersonals | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-3405 | 1 Nazgulled | 1 Nzfotolog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter. | |||||
| CVE-2008-3406 | 1 Phplinkat | 1 Phplinkat | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-3407 | 1 Phplinkat | 1 Phplinkat | 2017-09-29 | 5.0 MEDIUM | N/A |
| phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie. | |||||
| CVE-2008-3408 | 1 Coolplayer | 1 Coolplayer | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file. | |||||
| CVE-2008-3412 | 1 Ecshop | 1 Epshop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI. | |||||
| CVE-2008-3413 | 1 Greatclone | 1 Auction Platinum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | |||||
| CVE-2008-3414 | 1 Siteadmin | 1 Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter. | |||||
| CVE-2008-3415 | 1 Cmscout | 1 Cmscout | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences. | |||||
| CVE-2008-3416 | 1 Icebb | 1 Icebb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php. | |||||
| CVE-2008-3417 | 1 Fipsasp | 1 Fipscms Light | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561. | |||||
| CVE-2008-3418 | 1 Willo | 1 Trio | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3419 | 1 Greatclone | 1 Youtuber Clone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter. | |||||
| CVE-2008-3420 | 1 Willo | 1 Mobius Web Publishing Software | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php. | |||||
| CVE-2008-3434 | 1 Apple | 1 Itunes | 2017-09-29 | 7.5 HIGH | N/A |
| Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3445 | 1 Phpmyrealty | 1 Phpmyrealty | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter. | |||||
| CVE-2008-3446 | 1 Letterit | 1 Letterit | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||||
| CVE-2008-3447 | 1 F-prot | 2 F-prot Antivirus, Scanning Engine | 2017-09-29 | 5.0 MEDIUM | N/A |
| The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote attackers to cause a denial of service (infinite loop) via a malformed ZIP archive, probably related to invalid offsets. | |||||
