CVE Daily
← All years

All CVEs — 2008

Page 7/35.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2008-11-01
Medium

CVE-2008-4872

Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of thi…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4871

Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags.

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

CVSS: 2.1 CWE: CWE-732
Read more
Critical

CVE-2008-4867

Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_S…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2008-4866

Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2008-4864

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large intege…

CVSS: 7.5 CWE: CWE-190
Read more
2008-10-31
Medium

CVE-2008-4309

Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denia…

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2008-4810

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dolla…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2008-4808

IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2008-4806

Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE:…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4805

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input,…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2007-6432

Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a di…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-4804

SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of t…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4803

Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.4 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. NOTE:…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4802

Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of t…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-4801

Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.…

CVSS: 10.0 CWE: CWE-119
Read more
2008-10-30
Critical

CVE-2008-4798

The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2008-4797

Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0 CWE: CWE-22
Read more
Critical

CVE-2008-4796

The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other p…

CVSS: 10.0 CWE: CWE-78
Read more
Medium

CVE-2008-4795

The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site sc…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-4794

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2008-2238

Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite docu…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-2237

Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2007-6021

Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2007-5394

Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure, a differen…

CVSS: 9.3 CWE: CWE-119
Read more
2008-10-29
High

CVE-2008-4786

SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4785

SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4784

aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php…

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2008-4783

tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2008-4782

SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4781

Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2008-4780

Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal se…

CVSS: 6.8 CWE: CWE-22
Read more
Critical

CVE-2008-4779

Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2008-4778

SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4777

SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

CVSS: 7.5 CWE: CWE-89
Read more
2008-10-28
Medium

CVE-2008-4776

libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.

CVSS: 4.3 CWE: CWE-119
Read more
Low

CVE-2008-4775

Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inj…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2008-4774

Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4773

Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbitrary local files via a .. (dot dot) in the theme parameter.

CVSS: 5.0 CWE: CWE-22
Read more
High

CVE-2008-4772

SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-4771

Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3)…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-4769

Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbit…

CVSS: 9.3 CWE: CWE-22
Read more
High

CVE-2008-4768

SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-…

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-4767

Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions,…

CVSS: 9.0 CWE: CWE-20
Read more
High

CVE-2008-4766

SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4765

SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4764

Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-4763

Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-4762

Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rena…

CVSS: 9.0 CWE: CWE-119
Read more
Medium

CVE-2008-4761

Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsM…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4760

SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2008-4759

Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-4758

Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter.

CVSS: 5.0 CWE: CWE-22
Read more
High

CVE-2008-4757

Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php;…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4756

Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-4755

SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2008-10-27
Medium

CVE-2008-4754

SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.

CVSS: 5.8 CWE: CWE-89
Read more
High

CVE-2008-4753

SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4752

TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2008-4751

Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-4750

Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogF…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2008-4748

Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) an…

CVSS: 7.6 CWE: CWE-20
Read more
Low

CVE-2008-4747

Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LD…

CVSS: 2.1 CWE: CWE-200
Read more
High

CVE-2008-4746

Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4745

Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-4744

SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4743

SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4742

Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name para…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4741

Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-4740

Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include a…

CVSS: 5.1 CWE: CWE-22
Read more
2008-10-24
Medium

CVE-2008-4739

Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi…

CVSS: 6.8 CWE: CWE-22
Read more
High

CVE-2008-4738

SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4737

Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-4736

SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4735

PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file p…

CVSS: 8.5 CWE: CWE-94
Read more
High

CVE-2008-4734

Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as a…

CVSS: 7.5 CWE: CWE-352
Read more
Medium

CVE-2008-4733

Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replyto…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-4732

SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4730

Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_trust_root parameter and an inconsistent openid_retur…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4729

Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a lo…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2008-4727

Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContacts) in SunGard Banner Student 7.3 allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-4726

Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3)…

CVSS: 9.0 CWE: CWE-119
Read more
2008-10-23
Medium

CVE-2008-4725

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage i…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4724

Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG,…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4723

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-4722

Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service…

CVSS: 9.0 CWE: CWE-287
Read more
Medium

CVE-2008-4697

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which all…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-4696

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), whic…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-4695

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet fro…

CVSS: 9.3 CWE: CWE-200
Read more
Critical

CVE-2008-4694

Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a redirect that specifies a crafted URL.

CVSS: 9.3 CWE: CWE-59
Read more
Critical

CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a craf…

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2008-3863

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assist…

CVSS: 7.6 CWE: CWE-119
Read more
Critical

CVE-2008-3862

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-3815

Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)3, 7.1 before 7.1(2)78, 7.2 before 7.2(4)16, 8.0 before 8.0(4)6, and 8.1…

CVSS: 4.3 CWE: CWE-287
Read more
Critical

CVE-2008-2469

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modifie…

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2008-4721

PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."

CVSS: 7.5 CWE: CWE-200
Read more
Critical

CVE-2008-4720

Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2)…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2008-4719

PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a U…

CVSS: 9.3 CWE: CWE-94
Read more
High

CVE-2008-4718

Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_f…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2008-4717

SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4716

SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4715

SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4714

Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password cookies, which probably allows remote attackers to bypass authentication and gain administrative ac…

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2008-4713

SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-4712

Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (…

CVSS: 6.8 CWE: CWE-22
Read more
Medium

CVE-2008-4711

SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) vie…

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2008-4710

Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vect…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-4709

SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4708

BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by setting the phorum_admin_session cookie to 1.

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2008-4707

Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access unauthorized directories via a .. (dot dot) in the lien_2 parameter.

CVSS: 5.0 CWE: CWE-22
Read more
High

CVE-2008-4706

SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1)…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-4705

SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-4704

PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2008-4703

SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2008-10-22
High

CVE-2008-4702

Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[templ…

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2008-4701

SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a…

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2008-4700

SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie…

CVSS: 6.8 CWE: CWE-89
Read more
Medium

CVE-2008-4693

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASS…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2008-4689

Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.

CVSS: 7.5 CWE: CWE-287
Read more
Medium

CVE-2008-4688

core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before composing a link with issue data in the source anchor, which allows remote attackers to discover an issue…

CVSS: 5.0 CWE: CWE-200
Read more