CVE List - 2008 / June
Showing 401 - 437 of 437 CVEs for June 2008 (Page 5 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2008-2904 | 2008-06-30 | SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2008-2905 | 2008-06-30 | PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a... |
| CVE-2008-2906 | 2008-06-30 | SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter. |
| CVE-2008-2907 | 2008-06-30 | SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter. |
| CVE-2008-2908 | 2008-06-30 | Multiple stack-based buffer overflows in a certain ActiveX control in ienipp.ocx in Novell iPrint Client for Windows before 4.36 allow remote attackers to execute arbitrary code via a long value... |
| CVE-2008-2909 | 2008-06-30 | SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter. |
| CVE-2008-2910 | 2008-06-30 | Buffer overflow in the DXTTextOutEffect ActiveX control (aka the Text-Effect DXT Filter), as distributed in TextOut.dll 6.0.18.1 and mvtextout.dll, in muvee autoProducer 6.0 and 6.1 allows remote attackers to execute... |
| CVE-2008-2911 | 2008-06-30 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Contenido 4.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) contenido, (2) Belang, and (3) username parameters. |
| CVE-2008-2912 | 2008-06-30 | Multiple PHP remote file inclusion vulnerabilities in Contenido CMS 4.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenido_path parameter to (a) contenido/backend_search.php; the... |
| CVE-2008-2913 | 2008-06-30 | Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath... |
| CVE-2008-2914 | 2008-06-30 | SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE:... |
| CVE-2008-2915 | 2008-06-30 | Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (aka the search module) in Pre Job Board allow remote attackers to execute arbitrary SQL commands via the (1) position or (2) kw parameter. |
| CVE-2008-2916 | 2008-06-30 | Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php... |
| CVE-2008-2917 | 2008-06-30 | SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| CVE-2008-2918 | 2008-06-30 | SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3. |
| CVE-2008-2919 | 2008-06-30 | SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter. |
| CVE-2008-2920 | 2008-06-30 | admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and earlier does not require authentication, which allows remote attackers to create, modify, read, and delete files. |
| CVE-2008-2921 | 2008-06-30 | SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2008-2922 | 2008-06-30 | Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long... |
| CVE-2008-2923 | 2008-06-30 | Cross-site scripting (XSS) vulnerability in read/search/results in Lyris ListManager 8.8, 8.95, and 9.3d allows remote attackers to inject arbitrary web script or HTML via the words parameter. |
| CVE-2008-2924 | 2008-06-30 | Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-2925 | 2008-06-30 | SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-2942 | 2008-06-30 | Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file. |
| CVE-2006-5265 | 2008-06-30 | Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed... |
| CVE-2006-5266 | 2008-06-30 | Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to... |
| CVE-2008-2365 | 2008-06-30 | Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a... |
| CVE-2008-2943 | 2008-06-30 | Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using... |
| CVE-2008-2944 | 2008-06-30 | Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause... |
| CVE-2008-0598 | 2008-06-30 | Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a... |
| CVE-2008-2462 | 2008-06-30 | Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2008-2729 | 2008-06-30 | arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain... |
| CVE-2008-2945 | 2008-06-30 | Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which... |
| CVE-2008-2946 | 2008-06-30 | The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed... |
| CVE-2008-2947 | 2008-06-30 | Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for... |
| CVE-2008-2948 | 2008-06-30 | Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 allows remote attackers to change the location property of a frame via the Object data type, and use a frame from... |
| CVE-2008-2949 | 2008-06-30 | Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from... |
| CVE-2008-2956 | 2008-07-01 | Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed... |
| CVE-2008-2308 | 2008-07-01 | Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption... |
| CVE-2008-2309 | 2008-07-01 | Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does... |
| CVE-2008-2310 | 2008-07-01 | Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a... |
| CVE-2008-2311 | 2008-07-01 | Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a... |
| CVE-2008-2313 | 2008-07-01 | Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. |
| CVE-2008-2314 | 2008-07-01 | Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode... |
| CVE-2008-2952 | 2008-07-01 | liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error. |
| CVE-2008-2953 | 2008-07-01 | Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference. |
| CVE-2008-2954 | 2008-07-01 | client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read. |
| CVE-2008-2955 | 2008-07-01 | Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash... |
| CVE-2008-2957 | 2008-07-01 | The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption)... |
| CVE-2008-2958 | 2008-07-01 | Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories. |
| CVE-2008-2372 | 2008-07-02 | The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which... |
| CVE-2008-2826 | 2008-07-02 | Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of... |
| CVE-2008-2959 | 2008-07-02 | Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to... |
| CVE-2008-2960 | 2008-07-02 | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors... |
| CVE-2008-2961 | 2008-07-02 | Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p... |
| CVE-2008-2962 | 2008-07-02 | Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) sort parameters to index.php, and the (3)... |
| CVE-2008-2963 | 2008-07-02 | Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php... |
| CVE-2008-2964 | 2008-07-02 | SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2965 | 2008-07-02 | Cross-site scripting (XSS) vulnerability in viewforum.php in JaxUltraBB (JUBB) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter. |
| CVE-2008-2966 | 2008-07-02 | Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information. |
| CVE-2008-2967 | 2008-07-02 | Multiple cross-site scripting (XSS) vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) query... |
| CVE-2008-2968 | 2008-07-02 | SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter. |
| CVE-2008-2969 | 2008-07-02 | Directory traversal vulnerability in download.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the... |
| CVE-2008-2970 | 2008-07-02 | Multiple session fixation vulnerabilities in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allow remote attackers to hijack web sessions by setting the PHPSESSID parameter to (1) index.php... |
| CVE-2008-2971 | 2008-07-02 | SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2972 | 2008-07-02 | SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action. |
| CVE-2008-2973 | 2008-07-02 | Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters. |
| CVE-2008-2974 | 2008-07-02 | Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang... |
| CVE-2008-2975 | 2008-07-02 | Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. |
| CVE-2008-2976 | 2008-07-02 | Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter... |
| CVE-2008-2977 | 2008-07-02 | Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2)... |
| CVE-2008-2978 | 2008-07-02 | Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the prefix... |
| CVE-2008-2979 | 2008-07-02 | Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters. |
| CVE-2008-2980 | 2008-07-02 | Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift]... |
| CVE-2008-2981 | 2008-07-02 | PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template... |
| CVE-2008-2982 | 2008-07-02 | Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1)... |
| CVE-2008-2983 | 2008-07-02 | SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2984 | 2008-07-02 | Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter. |
| CVE-2008-2985 | 2008-07-02 | Directory traversal vulnerability in load_language.php in CMReams CMS 1.3.1.1 Beta 2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in... |
| CVE-2008-2986 | 2008-07-02 | Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php... |
| CVE-2008-2987 | 2008-07-02 | Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php... |
| CVE-2008-2988 | 2008-07-02 | Unrestricted file upload vulnerability in admin/upload.php in Benja CMS 0.1 allows remote attackers to upload and execute arbitrary PHP files via unspecified vectors, followed by a direct request to the... |
| CVE-2008-2989 | 2008-07-02 | SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter. |
| CVE-2008-2990 | 2008-07-02 | PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2008-2993 | 2008-07-03 | Multiple directory traversal vulnerabilities in index.php in FOG Forum 0.8.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) fog_lang and... |
| CVE-2008-2994 | 2008-07-03 | Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and... |
| CVE-2008-2995 | 2008-07-03 | Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php. |
| CVE-2008-2996 | 2008-07-03 | Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter... |
| CVE-2008-2997 | 2008-07-03 | Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit... |
| CVE-2008-2998 | 2008-07-03 | Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-2999 | 2008-07-03 | Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-3000 | 2008-07-03 | The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. |
| CVE-2008-3001 | 2008-07-03 | The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of... |
| CVE-2008-3022 | 2008-07-07 | Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3)... |
| CVE-2008-3023 | 2008-07-07 | Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script... |
| CVE-2008-3024 | 2008-07-07 | Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/. |
| CVE-2008-3025 | 2008-07-07 | SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action. |
| CVE-2008-3026 | 2008-07-07 | SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-3027 | 2008-07-07 | SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php. |
| CVE-2008-3028 | 2008-07-07 | Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-3029 | 2008-07-07 | Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |