Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0824 | 1 Caroline | 1 Caroline | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors. | |||||
| CVE-2008-0846 | 2 Joomla, Mambo | 2 Com Profile, Com Profile | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. | |||||
| CVE-2008-0889 | 1 Redhat | 2 Directory Server, Enterprise Linux | 2008-09-05 | 2.1 LOW | N/A |
| Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script. | |||||
| CVE-2008-0909 | 1 Schoolwires | 1 Academic Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0913 | 1 Invision Power Services | 1 Invision Power Board | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context. | |||||
| CVE-2008-0917 | 1 Tor World | 10 Com Vote, I-navigator, Interactive Bbs and 7 more | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier, Simple Vote 1.1 and earlier, and Com Vote 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-0930 | 2 Debian, Freshmeat | 2 Debian Linux, Xwine | 2008-09-05 | 7.2 HIGH | N/A |
| w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0931 | 2 Debian, Xwine | 2 Debian Linux, Xwine | 2008-09-05 | 6.3 MEDIUM | N/A |
| w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | |||||
| CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
| CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2008-09-05 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||||
| CVE-2008-0940 | 1 Webgui | 1 Webgui | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407. | |||||
| CVE-2008-1041 | 1 Matts Whois | 1 Matts Whois | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | |||||
| CVE-2008-1062 | 1 Intervideo | 1 Windvd Media Center | 2008-09-05 | 5.0 MEDIUM | N/A |
| InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1075 | 1 Maianscriptworld | 1 Maian Cart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2008-09-05 | 7.8 HIGH | N/A |
| Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2008-1131 | 1 Drupal | 1 Drupal | 2008-09-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. | |||||
| CVE-2008-1132 | 1 Net Activity Viewer | 1 Net Activity Viewer | 2008-09-05 | 4.7 MEDIUM | N/A |
| Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action. | |||||
| CVE-2008-0442 | 1 Small Axe Solutions | 1 Weblog | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0494 | 1 Endian | 1 Firewall | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0540 | 1 Trixbox | 1 Trixbox | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/. | |||||
| CVE-2008-0558 | 1 Uniwin | 1 Ecart Professional | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0563 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | |||||
| CVE-2008-0604 | 1 Xlight Ftp Server | 1 Xlight Ftp Server | 2008-09-05 | 6.8 MEDIUM | N/A |
| The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2008-0629 | 1 Mplayer | 1 Mplayer | 2008-09-05 | 4.3 MEDIUM | N/A |
| Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. | |||||
| CVE-2008-0630 | 1 Mplayer | 1 Mplayer | 2008-09-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. | |||||
| CVE-2008-0645 | 1 Portail Web Php | 1 Portail Web Php | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0650 | 1 Simple Os Cms | 1 Simple Os Cms | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0651 | 1 Pedro Santana Codice | 1 Cms | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0665 | 1 Website Meta Language | 1 Website Meta Language | 2008-09-05 | 3.6 LOW | N/A |
| wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | |||||
| CVE-2008-0666 | 1 Website Meta Language | 1 Website Meta Language | 2008-09-05 | 3.6 LOW | N/A |
| Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c. | |||||
| CVE-2008-0669 | 1 Sift | 1 Unity | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0684 | 1 Itechscripts | 1 Itechclassifieds | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter. | |||||
| CVE-2008-0685 | 1 Itechscripts | 1 Itechclassifieds | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2008-0700 | 1 Crux Software | 1 Cruxcms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0723 | 1 Planetluc | 1 Mynews | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1. | |||||
| CVE-2008-0725 | 1 Titan | 1 Ftp Server | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. | |||||
| CVE-2008-0731 | 3 Linux, Novell, Suse | 3 Linux Kernel, Apparmor, Open Suse | 2008-09-05 | 7.5 HIGH | N/A |
| The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task. | |||||
| CVE-2008-0732 | 2 Apache, Suse | 2 Geronimo, Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories. | |||||
| CVE-2008-0774 | 1 Loris | 1 Hotel Reservation System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0777 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.9 MEDIUM | N/A |
| The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. | |||||
| CVE-2008-0162 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2008-09-05 | 7.2 HIGH | N/A |
| misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. | |||||
| CVE-2008-0178 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2008-0179 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. | |||||
| CVE-2008-0180 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. | |||||
| CVE-2008-0181 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. | |||||
| CVE-2008-0182 | 1 Liferay | 1 Liferay Enterprise Portal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | |||||
| CVE-2008-0285 | 1 Ngircd | 1 Ngircd | 2008-09-05 | 5.0 MEDIUM | N/A |
| ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. | |||||
| CVE-2008-0302 | 1 Debian | 1 Apt-listchanges | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. | |||||
| CVE-2008-0334 | 1 Pmachine | 1 Pmachine Pro | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. | |||||