CVE List - 2008 / July
Showing 401 - 500 of 520 CVEs for July 2008 (Page 5 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2008-3310 | 2008-07-25 | SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2008-3311 | 2008-07-25 | PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. |
| CVE-2008-3312 | 2008-07-25 | Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the... |
| CVE-2008-3313 | 2008-07-25 | Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2)... |
| CVE-2008-3314 | 2008-07-25 | ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference. |
| CVE-2008-3315 | 2008-07-25 | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c)... |
| CVE-2008-3316 | 2008-07-25 | Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably... |
| CVE-2008-3317 | 2008-07-25 | admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. |
| CVE-2008-3318 | 2008-07-25 | admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. |
| CVE-2008-3319 | 2008-07-25 | admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. |
| CVE-2008-3320 | 2008-07-25 | admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. |
| CVE-2008-3321 | 2008-07-25 | admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. |
| CVE-2008-3322 | 2008-07-25 | admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. |
| CVE-2008-3325 | 2008-07-25 | Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link... |
| CVE-2008-3326 | 2008-07-25 | Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog... |
| CVE-2008-3327 | 2008-07-25 | Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an... |
| CVE-2008-2951 | 2008-07-27 | Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the... |
| CVE-2008-3328 | 2008-07-27 | Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2008-3329 | 2008-07-27 | Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs." |
| CVE-2008-3330 | 2008-07-27 | Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name. |
| CVE-2008-3331 | 2008-07-27 | Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. |
| CVE-2008-3332 | 2008-07-27 | Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. |
| CVE-2008-3333 | 2008-07-27 | Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php). |
| CVE-2008-3334 | 2008-07-27 | Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. |
| CVE-2008-3335 | 2008-07-27 | Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. |
| CVE-2008-3336 | 2008-07-27 | Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php. |
| CVE-2008-3339 | 2008-07-28 | search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. |
| CVE-2008-3340 | 2008-07-28 | Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter.) |
| CVE-2008-3341 | 2008-07-28 | Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this... |
| CVE-2008-3342 | 2008-07-28 | Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action. |
| CVE-2008-3343 | 2008-07-28 | SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action. |
| CVE-2008-3344 | 2008-07-28 | Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml,... |
| CVE-2008-3345 | 2008-07-28 | SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter... |
| CVE-2008-3346 | 2008-07-28 | SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
| CVE-2008-3347 | 2008-07-28 | SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter. |
| CVE-2008-3348 | 2008-07-28 | Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter. |
| CVE-2007-5400 | 2008-07-28 | Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file. |
| CVE-2008-1946 | 2008-07-28 | The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account... |
| CVE-2008-3064 | 2008-07-28 | Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource... |
| CVE-2008-3066 | 2008-07-28 | Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by... |
| CVE-2008-3323 | 2008-07-28 | setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list... |
| CVE-2008-3349 | 2008-07-28 | Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or... |
| CVE-2008-3350 | 2008-07-28 | dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent... |
| CVE-2008-3351 | 2008-07-28 | SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action. |
| CVE-2008-3352 | 2008-07-28 | SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action. |
| CVE-2008-3353 | 2008-07-28 | Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments... |
| CVE-2008-3354 | 2008-07-28 | Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1)... |
| CVE-2008-3355 | 2008-07-28 | SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. |
| CVE-2008-1667 | 2008-07-29 | The Probe Builder Service (aka PBOVISServer.exe) in European Performance Systems (EPS) Probe Builder 2.2 before A.02.20.901, as used in HP OpenView Internet Services (OVIS) on Windows, allows remote attackers to... |
| CVE-2008-3100 | 2008-07-29 | Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2008-3359 | 2008-07-29 | SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE:... |
| CVE-2008-3360 | 2008-07-29 | Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a... |
| CVE-2008-3361 | 2008-07-29 | Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header. |
| CVE-2008-3362 | 2008-07-30 | Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an... |
| CVE-2008-3363 | 2008-07-30 | Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in... |
| CVE-2008-3364 | 2008-07-30 | Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0;... |
| CVE-2008-3365 | 2008-07-30 | Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in... |
| CVE-2008-3366 | 2008-07-30 | SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774. |
| CVE-2008-3367 | 2008-07-30 | Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2008-3368 | 2008-07-30 | PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter. |
| CVE-2008-3369 | 2008-07-30 | SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| CVE-2008-3370 | 2008-07-30 | SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field. |
| CVE-2008-3371 | 2008-07-30 | Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language... |
| CVE-2008-3372 | 2008-07-30 | SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. |
| CVE-2008-3373 | 2008-07-30 | The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a... |
| CVE-2008-3374 | 2008-07-30 | SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. |
| CVE-2008-3375 | 2008-07-30 | The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. |
| CVE-2008-3377 | 2008-07-30 | SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. |
| CVE-2008-3378 | 2008-07-30 | SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter. |
| CVE-2008-3379 | 2008-07-30 | Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of... |
| CVE-2008-3376 | 2008-07-30 | Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. |
| CVE-2008-3380 | 2008-07-30 | Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter. |
| CVE-2008-3381 | 2008-07-30 | Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-3382 | 2008-07-30 | SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. |
| CVE-2008-3383 | 2008-07-30 | SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action. |
| CVE-2008-3384 | 2008-07-30 | Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the... |
| CVE-2008-3385 | 2008-07-30 | Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the... |
| CVE-2008-3386 | 2008-07-30 | SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. |
| CVE-2008-3387 | 2008-07-30 | SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. |
| CVE-2008-3388 | 2008-07-30 | Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php. |
| CVE-2008-3390 | 2008-07-31 | Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in... |
| CVE-2008-3391 | 2008-07-31 | Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp. |
| CVE-2008-3392 | 2008-07-31 | Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp. |
| CVE-2008-3393 | 2008-07-31 | SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter. |
| CVE-2008-3394 | 2008-07-31 | Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters. |
| CVE-2008-3395 | 2008-07-31 | Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance... |
| CVE-2008-3396 | 2008-07-31 | Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets. |
| CVE-2008-3398 | 2008-07-31 | Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE:... |
| CVE-2008-3399 | 2008-07-31 | PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter. |
| CVE-2008-3400 | 2008-07-31 | XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function. |
| CVE-2008-3401 | 2008-07-31 | PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. |
| CVE-2008-3402 | 2008-07-31 | Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php... |
| CVE-2008-3403 | 2008-07-31 | SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2008-3404 | 2008-07-31 | Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter. |
| CVE-2008-3405 | 2008-07-31 | Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter. |
| CVE-2008-3406 | 2008-07-31 | SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2008-3407 | 2008-07-31 | phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie. |
| CVE-2008-3397 | 2008-07-31 | Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie. |
| CVE-2008-3408 | 2008-07-31 | Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file. |
| CVE-2008-3409 | 2008-07-31 | Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a... |