CVE Daily
← All years

All CVEs — 2008

Page 3/35.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2008-12-12
High

CVE-2008-5494

SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.ph…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5493

SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5492

Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first arg…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-5491

SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5490

SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5489

SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5488

SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5487

Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5486

SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2008-12-11
Medium

CVE-2008-5435

Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5434

Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/user…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2008-5433

Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5432

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki pag…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5431

Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2008-5423

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2006-7235

Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argum…

CVSS: 5.0 CWE: CWE-20
Read more
2008-12-10
High

CVE-2008-5420

The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.

CVSS: 7.8 CWE: CWE-200
Read more
Critical

CVE-2008-5419

Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS re…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5418

Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[lan…

CVSS: 5.1 CWE: CWE-22
Read more
Critical

CVE-2008-5416

Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 D…

CVSS: 9.0 CWE: CWE-119
Read more
Critical

CVE-2008-4837

Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-4255

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-4032

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attack…

CVSS: 7.5 CWE: CWE-287
Read more
Critical

CVE-2008-4028

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 Fil…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-4025

Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-4024

Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Blo…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2008-3465

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a d…

CVSS: 9.8 CWE: CWE-119
Read more
Critical

CVE-2008-3010

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows…

CVSS: 10.0 CWE: CWE-200
Read more
Critical

CVE-2008-5409

Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 all…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5408

Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users…

CVSS: 9.0 CWE: CWE-119
Read more
Critical

CVE-2008-5407

Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 221…

CVSS: 9.4 CWE: CWE-287
Read more
Critical

CVE-2008-5406

Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5405

Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5403

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2008-5401

Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsin…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5400

Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2008-5399

Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecifi…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5413

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2)…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2008-5305

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

CVSS: 10.0 CWE: CWE-94
Read more
Medium

CVE-2008-5304

Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.

CVSS: 4.3 CWE: CWE-79
Read more
2008-12-09
Medium

CVE-2008-5395

The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated wit…

CVSS: 4.9 CWE: CWE-119
Read more
High

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file r…

CVSS: 7.2 CWE: CWE-59
Read more
Medium

CVE-2008-5387

Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecifi…

CVSS: 6.2 CWE: CWE-119
Read more
Medium

CVE-2008-5386

Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.

CVSS: 6.9 CWE: CWE-119
Read more
Critical

CVE-2008-5383

Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a cra…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5382

Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete…

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2008-5381

Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-4391

Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 all…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-4390

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtai…

CVSS: 7.5 CWE: CWE-319
Read more
2008-12-08
Medium

CVE-2008-5380

gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.…

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5379

netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2)…

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5378

arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5377

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5376

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5375

cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5374

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5373

mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5372

sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5371

screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5370

pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5369

noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5368

muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5367

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5366

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
High

CVE-2008-5365

SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5364

Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads,…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5362

The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value f…

CVSS: 4.3 CWE: CWE-20
Read more
2008-12-05
Critical

CVE-2008-5359

Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and ea…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5358

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5356

Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remot…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5355

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify t…

CVSS: 10.0 CWE: CWE-287
Read more
Critical

CVE-2008-5354

Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-l…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5350

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted a…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2008-5346

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted apple…

CVSS: 7.1 CWE: CWE-200
Read more
Medium

CVE-2008-5342

Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 a…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2008-5341

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2008-2086

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary co…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2008-5338

Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5337

SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5336

SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5335

SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send…

CVSS: 6.8 CWE: CWE-89
Read more
Critical

CVE-2008-5334

PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2008-5333

SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5332

Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php…

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2007-6719

SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5330

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 v…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5325

Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML vi…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5324

Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unsp…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-2379

Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.

CVSS: 4.3 CWE: CWE-79
Read more
2008-12-03
Medium

CVE-2008-5323

Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5322

Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.

CVSS: 7.8 CWE: CWE-200
Read more
High

CVE-2008-5321

SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5320

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2008-5080

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: thi…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5316

Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parame…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2008-5315

Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.

CVSS: 7.8 CWE: CWE-22
Read more
Medium

CVE-2008-5313

mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clam…

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5312

mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) cla…

CVSS: 6.9 CWE: CWE-59
Read more
High

CVE-2008-3058

Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka…

CVSS: 7.5 CWE: CWE-89
Read more
2008-12-02
High

CVE-2008-5311

SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5310

SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5309

SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5307

SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are ob…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5306

SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details…

CVSS: 7.5 CWE: CWE-89
Read more
2008-12-01
Medium

CVE-2008-5303

Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005…

CVSS: 6.9 CWE: CWE-362
Read more
Medium

CVE-2008-5302

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different…

CVSS: 6.9 CWE: CWE-362
Read more
Medium

CVE-2008-5301

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script…

CVSS: 6.4 CWE: CWE-22
Read more
Medium

CVE-2008-5299

chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.

CVSS: 6.9 CWE: CWE-59
Read more
High

CVE-2008-5297

Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLin…

CVSS: 7.6 CWE: CWE-119
Read more
Medium

CVE-2008-5296

Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of…

CVSS: 6.8 CWE: CWE-287
Read more
High

CVE-2008-5295

SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5294

SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5293

SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5292

SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5291

Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a diff…

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2008-5290

Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5289

SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5288

PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in…

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2008-5287

SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4314

smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&p…

CVSS: 8.5 CWE: CWE-200
Read more