Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3733 | 1 Eo-video | 1 Eo-video | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element. | |||||
| CVE-2008-3734 | 1 Ipswitch | 2 Ws Ftp Home, Ws Ftp Pro | 2017-09-29 | 9.3 HIGH | N/A |
| Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). | |||||
| CVE-2008-3748 | 1 Lbstone | 2 Active Php Bookmarks, Apb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3749 | 1 Yourfreeworld | 1 Banner Management Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3750 | 1 Yourfreeworld | 1 Url Rotator Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3751 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3755 | 1 Yourfreeworld | 1 Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-3756 | 1 Yourfreeworld | 1 Viral Marketing Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3757 | 1 Yourfreeworld | 1 Forced Matrix Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3761 | 1 Vmware | 1 Vmware Workstation | 2017-09-29 | 4.9 MEDIUM | N/A |
| hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request. | |||||
| CVE-2008-3765 | 1 Discountedscripts | 1 Quick Poll Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3767 | 1 Smartisoft | 1 Phpbazar | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2008-3771 | 1 Pars4u | 1 Videosharing | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter. | |||||
| CVE-2008-3772 | 1 Pars4u | 1 Videosharing | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-3779 | 1 Review-script | 1 Five Star Review Script | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action. | |||||
| CVE-2008-3780 | 1 Review-script | 1 Five Star Review Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2008-3783 | 1 Matterdaddy | 1 Matterdaddy Market | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. | |||||
| CVE-2008-3785 | 1 Miacms | 1 Miacms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php. | |||||
| CVE-2008-3787 | 1 Nullscripts | 1 Web Directory Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-3788 | 1 Picturespro | 1 Picturespro Photo Cart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php. | |||||
| CVE-2008-3794 | 1 Videolan | 1 Vlc Media Player | 2017-09-29 | 6.8 MEDIUM | N/A |
| Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow. | |||||
| CVE-2008-3795 | 1 Ipswitch | 1 Ws Ftp Home | 2017-09-29 | 10.0 HIGH | N/A |
| Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." | |||||
| CVE-2008-3804 | 1 Cisco | 1 Ios | 2017-09-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used. | |||||
| CVE-2008-3810 | 1 Cisco | 1 Ios | 2017-09-29 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka CSCsg22426, a different vulnerability than CVE-2008-3811. | |||||
| CVE-2008-3811 | 1 Cisco | 1 Ios | 2017-09-29 | 7.8 HIGH | N/A |
| Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) Fragmentation Support is enabled, allows remote attackers to cause a denial of service (device reload) via segmented SCCP messages, aka Cisco Bug ID CSCsi17020, a different vulnerability than CVE-2008-3810. | |||||
| CVE-2008-3815 | 1 Cisco | 2 Asa 5500, Pix | 2017-09-29 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1 before 8.1(1)13, when configured as a VPN using Microsoft Windows NT Domain authentication, allows remote attackers to bypass VPN authentication via unknown vectors. | |||||
| CVE-2008-3816 | 1 Cisco | 2 Adaptive Security Appliance 5500 Series, Pix Security Appliance | 2017-09-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2(4)9 and 7.2(4)10 allows remote attackers to cause a denial of service (device reload) via a crafted IPv6 packet. | |||||
| CVE-2008-3817 | 1 Cisco | 2 Adaptive Security Appliance 5500 Series, Pix Security Appliance | 2017-09-29 | 7.8 HIGH | N/A |
| Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator." | |||||
| CVE-2008-3833 | 1 Linux | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210. | |||||
| CVE-2008-3834 | 1 Freedesktop | 3 Dbus, Dbus1.0, Dbus1.1.0 | 2017-09-29 | 2.1 LOW | N/A |
| The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. | |||||
| CVE-2008-3835 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-29 | 7.5 HIGH | N/A |
| The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | |||||
| CVE-2008-3848 | 1 Pdesigner | 1 Z-breaknews | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3859 | 1 Davlin | 1 Thickbox Gallery | 2017-09-29 | 5.0 MEDIUM | N/A |
| Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php. | |||||
| CVE-2008-3861 | 1 Phpmyrealty | 1 Phpmyrealty | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php. | |||||
| CVE-2008-3875 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.2 HIGH | N/A |
| The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls. | |||||
| CVE-2008-3877 | 1 Acoustica | 1 Mixcraft | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 Build 98 allows user-assisted attackers to execute arbitrary code via a crafted .mx4 file. NOTE: it was later reported that version 3 is also affected. | |||||
| CVE-2008-3878 | 1 Ultrashareware | 1 Ultra Office Control | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method. | |||||
| CVE-2008-3879 | 1 Ultrashareware | 1 Ultra Office Control | 2017-09-29 | 9.3 HIGH | N/A |
| The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method. | |||||
| CVE-2008-3923 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action. | |||||
| CVE-2008-3924 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19. | |||||
| CVE-2008-3925 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action. | |||||
| CVE-2008-3926 | 1 Hans Oesterholt | 1 Cmme | 2017-09-29 | 5.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php. | |||||
| CVE-2008-3943 | 1 Ezonescripts | 1 Living Local | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2008-3944 | 1 Discountedscripts | 1 Acg Ptp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action. | |||||
| CVE-2008-3945 | 1 Source Workshop | 1 Words Tag Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action. | |||||
| CVE-2008-3951 | 1 Vastal | 1 Agent Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. | |||||
| CVE-2008-3952 | 1 Editeurscripts Esfaq | 1 2.0 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | |||||
| CVE-2008-3953 | 1 Vastal | 1 Shaadi Zone | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter. | |||||
| CVE-2008-3955 | 1 Masir Camp | 1 E-shop Module | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page. | |||||
| CVE-2008-4018 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805. | |||||