CVE Daily
← All years

All CVEs — 2008

Page 1/35.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2008-12-31
Medium

CVE-2008-5807

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEd…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5806

SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field).…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5805

SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than C…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5804

SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5803

SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5802

SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5801

Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2008-5800

SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5799

Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5798

SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5797

SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5796

SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5795

Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspe…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5794

Directory traversal vulnerability in system/admin/images.php in LoveCMS 1.6.2 Final allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2008-5793

Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (…

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2008-5792

PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter…

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2008-5790

Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLO…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2008-5789

Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in t…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2008-5788

SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5787

Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, in conjunction with a show action.

CVSS: 5.4 CWE: CWE-22
Read more
Medium

CVE-2008-5786

Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5785

SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5784

V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

CVSS: 9.8 CWE: CWE-565
Read more
High

CVE-2008-5783

admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2008-5782

SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2008-12-30
High

CVE-2008-5781

SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5779

SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5778

SQL injection vulnerability in report.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5777

SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5776

Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to…

CVSS: 7.5 CWE: CWE-22
Read more
High

CVE-2008-5775

SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5774

Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp an…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5772

Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro para…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5771

Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2008-5770

Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5769

Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or t…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5768

SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5767

SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5766

SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5764

PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.

CVSS: 9.3 CWE: CWE-94
Read more
High

CVE-2008-5763

PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path para…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2008-5761

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default UR…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5760

Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these d…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5759

Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to i…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5758

Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages.

CVSS: 6.8 CWE: CWE-352
Read more
Low

CVE-2008-5757

Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body par…

CVSS: 3.5 CWE: CWE-79
Read more
Critical

CVE-2008-5756

Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mappi…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5755

Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5754

Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5753

Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host p…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5752

Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary…

CVSS: 4.3 CWE: CWE-22
Read more
High

CVE-2008-5751

SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.

CVSS: 7.5 CWE: CWE-89
Read more
2008-12-29
Medium

CVE-2008-5750

Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.

CVSS: 6.8 CWE: CWE-94
Read more
Medium

CVE-2008-5749

Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a thir…

CVSS: 6.8 CWE: CWE-94
Read more
High

CVE-2008-5748

Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.

CVSS: 8.1 CWE: CWE-22
Read more
Medium

CVE-2008-5746

Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.

CVSS: 6.9 CWE: CWE-59
Read more
High

CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console fo…

CVSS: 7.2 CWE: CWE-119
Read more
2008-12-26
Medium

CVE-2008-5743

pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.

CVSS: 6.9 CWE: CWE-59
Read more
Medium

CVE-2008-5742

Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a…

CVSS: 4.0 CWE: CWE-59
Read more
Medium

CVE-2008-5498

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2008-5739

SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5737

SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2008-5735

Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5734

Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2008-5733

SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2008-5732

Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing…

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2008-5730

Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the a…

CVSS: 7.5 CWE: CWE-20
Read more
Medium

CVE-2008-5729

Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKedi…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5728

Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrar…

CVSS: 5.1 CWE: CWE-22
Read more
Medium

CVE-2008-5727

SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the…

CVSS: 6.8 CWE: CWE-89
Read more
High

CVE-2008-5726

SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2008-5723

Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors.

CVSS: 5.0 CWE: CWE-22
Read more
Critical

CVE-2008-5722

Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT va…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5721

SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.

CVSS: 5.0 CWE: CWE-287
Read more
Medium

CVE-2008-5720

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.sea…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5719

Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages befor…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5718

The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a…

CVSS: 9.3 CWE: CWE-78
Read more
Medium

CVE-2008-5717

Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote att…

CVSS: 4.3 CWE: CWE-79
Read more
2008-12-24
Medium

CVE-2008-5715

Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash).…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2008-5712

The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOL…

CVSS: 5.0 CWE: CWE-20
Read more
Critical

CVE-2008-5711

Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2008-5709

Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated…

CVSS: 9.0 CWE: CWE-20
Read more
High

CVE-2008-5708

redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisad…

CVSS: 7.5 CWE: CWE-287
Read more
High

CVE-2008-5707

SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.

CVSS: 7.5 CWE: CWE-89
Read more
2008-12-23
Critical

CVE-2008-5557

Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a c…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2008-5514

Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other appl…

CVSS: 4.3 CWE: CWE-119
Read more
Critical

CVE-2008-4305

Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via th…

CVSS: 9.0 CWE: CWE-94
Read more
Critical

CVE-2008-4304

general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment varia…

CVSS: 10.0 CWE: CWE-78
Read more
Medium

CVE-2008-4303

Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecifie…

CVSS: 6.8 CWE: CWE-89
Read more
Critical

CVE-2008-2434

The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update s…

CVSS: 9.3 CWE: CWE-94
Read more
2008-12-22
Medium

CVE-2008-5706

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /…

CVSS: 6.9 CWE: CWE-59
Read more
Critical

CVE-2008-5705

The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary…

CVSS: 9.3 CWE: CWE-20
Read more
High

CVE-2008-5704

src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different…

CVSS: 7.6 CWE: CWE-59
Read more
Medium

CVE-2008-5703

gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) example…

CVSS: 6.2 CWE: CWE-59
Read more
High

CVE-2008-5702

Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_S…

CVSS: 7.2 CWE: CWE-119
Read more
Medium

CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query…

CVSS: 5.1 CWE: CWE-89
Read more
2008-12-19
High

CVE-2008-5695

wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_option…

CVSS: 8.5 CWE: CWE-20
Read more
Critical

CVE-2008-5694

PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue…

CVSS: 10.0 CWE: CWE-94
Read more
Medium

CVE-2008-5693

Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appe…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2008-5692

Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp foll…

CVSS: 5.0 CWE: CWE-287
Read more
Critical

CVE-2008-5691

Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5688

MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote…

CVSS: 4.3 CWE: CWE-200
Read more
High

CVE-2008-5686

IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allow…

CVSS: 8.5 CWE: CWE-287
Read more
Medium

CVE-2008-5252

Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unsp…

CVSS: 5.8 CWE: CWE-352
Read more
Low

CVE-2008-5250

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browse…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2008-5249

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2008-5078

Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to e…

CVSS: 6.8 CWE: CWE-119
Read more
High

CVE-2008-4122

Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an htt…

CVSS: 7.5 CWE: CWE-319
Read more
Medium

CVE-2008-1094

SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a…

CVSS: 6.5 CWE: CWE-89
Read more
Low

CVE-2008-0971

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before…

CVSS: 3.5 CWE: CWE-79
Read more
High

CVE-2008-5683

Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.

CVSS: 7.8 CWE: CWE-200
Read more
Medium

CVE-2008-5682

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2008-5680

Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary cod…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2008-5678

Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demons…

CVSS: 4.0 CWE: CWE-20
Read more
High

CVE-2008-5677

Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary c…

CVSS: 7.1 CWE: CWE-20
Read more
Critical

CVE-2008-5674

Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and…

CVSS: 9.4 CWE: CWE-20
Read more
Medium

CVE-2008-5672

Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) admin.php or (2) p…

CVSS: 6.8 CWE: CWE-352
Read more
High

CVE-2008-5671

PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a U…

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2008-5669

index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2008-5668

Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) th…

CVSS: 4.3 CWE: CWE-79
Read more