CVE Daily
← All years

All CVEs — 2008

Page 5/35.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2008-11-18
Medium

CVE-2008-5138

passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5137

tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5136

tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5135

os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this iss…

CVSS: 6.2 CWE: CWE-59
Read more
Critical

CVE-2008-5134

Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2008-5132

SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5131

Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and th…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5126

Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5125

admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.

CVSS: 6.8 CWE: CWE-287
Read more
High

CVE-2008-5124

JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2008-5123

SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.

CVSS: 6.8 CWE: CWE-89
Read more
High

CVE-2008-5122

SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5120

Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5119

Cross-site scripting (XSS) vulnerability in search.php in Scripts4Profit DXShopCart 4.30mc allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5117

Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via uns…

CVSS: 6.4 CWE: CWE-20
Read more
High

CVE-2008-5116

Directory traversal vulnerability in idm/includes/helpServer.jsp in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to read arbitrary files in the filesyste…

CVSS: 7.8 CWE: CWE-22
Read more
Medium

CVE-2008-5115

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for reques…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2008-5114

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allow remote attackers to inject arbitrary web script or HTML via unspecified…

CVSS: 4.3 CWE: CWE-79
Read more
2008-11-17
Medium

CVE-2008-5113

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF)…

CVSS: 4.0 CWE: CWE-352
Read more
Medium

CVE-2008-5112

The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitt…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2008-5025

Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system cras…

CVSS: 7.8 CWE: CWE-119
Read more
Medium

CVE-2008-4832

rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue ex…

CVSS: 6.9 CWE: CWE-59
Read more
Critical

CVE-2008-0014

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2008-0013

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2008-0012

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2007-0074

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder re…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2007-0073

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2007-0072

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read oper…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2006-5269

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC inte…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2006-5268

Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."

CVSS: 10.0 CWE: CWE-287
Read more
Medium

CVE-2008-5108

Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors.

CVSS: 6.8 CWE: CWE-94
Read more
Critical

CVE-2008-4824

Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to "input valid…

CVSS: 9.3 CWE: CWE-20
Read more
Low

CVE-2008-5107

The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these…

CVSS: 1.9 CWE: CWE-200
Read more
Critical

CVE-2008-5106

Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to an arbitrary command,…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5105

KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a denial of service (daemon crash or hang) via certain (1) APPE, (2) CWD, (3) DELE, (4) MKD, (5) RMD, (6) RETR, (7) RNFR, (8) RNTO, (9…

CVSS: 5.0 CWE: CWE-20
Read more
Critical

CVE-2008-5101

Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5099

Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the S…

CVSS: 4.6 CWE: CWE-200
Read more
Medium

CVE-2008-5098

Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabil…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4216

The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch…

CVSS: 4.3 CWE: CWE-200
Read more
Low

CVE-2008-3644

Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser…

CVSS: 1.9 CWE: CWE-200
Read more
Critical

CVE-2008-3623

Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute…

CVSS: 9.3 CWE: CWE-119
Read more
2008-11-14
High

CVE-2008-5097

SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5096

Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors.

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2008-5095

Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5094

Heap-based buffer overflow in the NDS Service in Novell eDirectory before 8.8 SP3 has unknown impact and attack vectors.

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5093

Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack (HTTPSTK) in Novell eDirectory before 8.8 SP3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5092

Heap-based buffer overflows in Novell eDirectory HTTP protocol stack (HTTPSTK) before 8.8 SP3 have unknown impact and attack vectors related to the (1) HTTP language header and (2) HTTP content-lengt…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2008-5091

Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid exte…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2008-5090

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace…

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2008-5088

Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) questio…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5087

SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5076

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via…

CVSS: 4.6 CWE: CWE-200
Read more
Medium

CVE-2008-5075

Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter t…

CVSS: 6.8 CWE: CWE-89
Read more
High

CVE-2008-5074

SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5073

Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5071

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

CVSS: 9.0 CWE: CWE-94
Read more
High

CVE-2008-5070

SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5069

SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2008-11-13
Medium

CVE-2008-5068

Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter to index.php and the (2) searchtext para…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5067

Cross-site scripting (XSS) vulnerability in search.php in Kmita Catalogue 2.x allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this informa…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5066

PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage pa…

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2008-5065

TlGuestBook 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlGuestBook_login cookie to admin.

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2008-5064

SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5063

PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter.

CVSS: 10.0 CWE: CWE-94
Read more
Medium

CVE-2008-5062

Directory traversal vulnerability in php/cal_pdf.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to read arbitrary files via directory traversal sequences in the thefile parameter.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-5061

Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5060

Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) r…

CVSS: 10.0 CWE: CWE-94
Read more
Medium

CVE-2008-5059

Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5058

SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5057

SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unk…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5056

Cross-site scripting (XSS) vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to inject arbitrary web script or HTML via the department_i…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5055

SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to ind…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5054

Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_logi…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5053

PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in th…

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2008-5024

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which…

CVSS: 7.5 CWE: CWE-91
Read more
High

CVE-2008-5023

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script…

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2008-5022

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to…

CVSS: 7.5 CWE: CWE-287
Read more
Critical

CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash)…

CVSS: 9.3 CWE: CWE-362
Read more
Medium

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and exe…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5015

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attacker…

CVSS: 5.1 CWE: CWE-94
Read more
Critical

CVE-2008-5014

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (cra…

CVSS: 10.0 CWE: CWE-20
Read more
Medium

CVE-2008-5012

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, whic…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2008-0017

The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which all…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-5051

SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5050

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-5049

Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger Elite 3.3.0 and earlier, and possibly other versions including 3.3.3, allows local users to gain privileges via long inputs to the…

CVSS: 7.2 CWE: CWE-119
Read more
High

CVE-2008-5048

Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and earlier, and possibly 4.2.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via lon…

CVSS: 7.2 CWE: CWE-119
Read more
High

CVE-2008-5047

SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5046

SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5045

Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly other versions, allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 ch…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-4989

The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed cert…

CVSS: 5.9 CWE: CWE-295
Read more
2008-11-12
Medium

CVE-2008-5044

Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx…

CVSS: 4.0 CWE: CWE-362
Read more
Low

CVE-2008-5043

Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (…

CVSS: 3.5 CWE: CWE-79
Read more
Critical

CVE-2008-4037

Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by r…

CVSS: 9.3 CWE: CWE-287
Read more
Medium

CVE-2008-4033

Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensit…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2008-4029

Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML docu…

CVSS: 4.3 CWE: CWE-200
Read more
High

CVE-2008-5042

Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to bypass authentication and perform administrative tasks via a direct request to admin/home.php.

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2008-5040

Graphiks MyForum 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the (1) myforum_login and (2) myforum_pass cookies to 1.

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2008-5039

Cross-site scripting (XSS) vulnerability in the League module for PHP-Nuke, possibly 2.4, allows remote attackers to inject arbitrary web script or HTML via the tid parameter in a team action to modu…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5038

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of ser…

CVSS: 9.8 CWE: CWE-416
Read more
High

CVE-2008-5037

SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2008-11-10
Critical

CVE-2008-5036

Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5034

master-filter in printfilters-ppd 2.13 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filter.debug temporary file. NOTE: the vendor disputes this vulnerability, sta…

CVSS: 6.9 CWE: CWE-59
Read more
Critical

CVE-2008-5032

Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modu…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5030

Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2008-4387

Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet E…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2008-5028

Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution o…

CVSS: 6.8 CWE: CWE-352
Read more
Low

CVE-2008-5026

Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2008-5011

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allow remote attackers to inject arbitrary web script or HTML via unspecified vect…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5009

Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the…

CVSS: 4.0 CWE: CWE-362
Read more
Critical

CVE-2008-5008

Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impac…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5007

create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary…

CVSS: 6.9 CWE: CWE-59
Read more
Critical

CVE-2008-5005

Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users t…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2008-5004

SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5003

SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5002

Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbit…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2008-5001

Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugi…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5000

SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the…

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2008-4823

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an A…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4821

Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.

CVSS: 4.3 CWE: CWE-200
Read more