CVE List - 2008 / September
Showing 101 - 200 of 450 CVEs for September 2008 (Page 2 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2008-3947 | 2008-09-05 | DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line. |
| CVE-2008-3948 | 2008-09-05 | SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors. |
| CVE-2008-3951 | 2008-09-09 | SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. |
| CVE-2008-3952 | 2008-09-09 | SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter. |
| CVE-2008-3953 | 2008-09-09 | SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter. |
| CVE-2008-3954 | 2008-09-09 | SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action. |
| CVE-2008-3955 | 2008-09-09 | SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page. |
| CVE-2008-3912 | 2008-09-09 | libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. |
| CVE-2008-3913 | 2008-09-09 | Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". |
| CVE-2008-3914 | 2008-09-09 | Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. |
| CVE-2008-3915 | 2008-09-09 | Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl. |
| CVE-2008-3956 | 2008-09-09 | orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file. |
| CVE-2008-3957 | 2008-09-09 | The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to... |
| CVE-2008-3958 | 2008-09-09 | IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach... |
| CVE-2008-3959 | 2008-09-09 | IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted... |
| CVE-2008-3960 | 2008-09-09 | Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via... |
| CVE-2007-5348 | 2008-09-10 | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office... |
| CVE-2007-6717 | 2008-09-10 | Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors. |
| CVE-2008-2253 | 2008-09-10 | Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows... |
| CVE-2008-3007 | 2008-09-10 | Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow... |
| CVE-2008-3008 | 2008-09-10 | Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to... |
| CVE-2008-3012 | 2008-09-10 | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003... |
| CVE-2008-3013 | 2008-09-10 | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003... |
| CVE-2008-3014 | 2008-09-10 | Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP... |
| CVE-2008-3015 | 2008-09-10 | Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works... |
| CVE-2008-3539 | 2008-09-10 | Unspecified vulnerability in HP OpenView Select Identity (HPSI) Connectors on Windows, as used in HPSI Active Directory Connector 2.30 and earlier, HPSI SunOne Connector 1.14 and earlier, HPSI eDirectory Connector... |
| CVE-2008-3962 | 2008-09-10 | The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to... |
| CVE-2008-3963 | 2008-09-10 | MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers... |
| CVE-2008-3964 | 2008-09-10 | Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image... |
| CVE-2008-3965 | 2008-09-10 | SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field. |
| CVE-2008-3966 | 2008-09-10 | Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2)... |
| CVE-2008-3967 | 2008-09-10 | moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not properly check for moderator privileges, which has unknown impact and remote attack vectors. |
| CVE-2008-3968 | 2008-09-10 | Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter. |
| CVE-2008-3969 | 2008-09-10 | Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue... |
| CVE-2008-3970 | 2008-09-10 | pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via... |
| CVE-2008-3971 | 2008-09-10 | Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during... |
| CVE-2008-3972 | 2008-09-10 | pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit... |
| CVE-2008-4018 | 2008-09-10 | swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership... |
| CVE-2008-2464 | 2008-09-10 | The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and... |
| CVE-2008-2326 | 2008-09-10 | mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a... |
| CVE-2008-3612 | 2008-09-10 | The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a... |
| CVE-2008-3614 | 2008-09-10 | Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which... |
| CVE-2008-3615 | 2008-09-10 | ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code... |
| CVE-2008-3624 | 2008-09-10 | Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie... |
| CVE-2008-3625 | 2008-09-10 | Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie... |
| CVE-2008-3626 | 2008-09-10 | The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or... |
| CVE-2008-3627 | 2008-09-10 | Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms... |
| CVE-2008-3628 | 2008-09-10 | Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid... |
| CVE-2008-3629 | 2008-09-10 | Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. |
| CVE-2008-3630 | 2008-09-10 | mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in... |
| CVE-2008-3631 | 2008-09-10 | Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party... |
| CVE-2008-3632 | 2008-09-10 | Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application... |
| CVE-2008-3635 | 2008-09-10 | Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute... |
| CVE-2008-3636 | 2008-09-10 | Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported... |
| CVE-2008-3634 | 2008-09-10 | Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow... |
| CVE-2008-3584 | 2008-09-11 | NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not properly check the length of a PPPoE packet tag, which allows remote attackers to cause a denial of... |
| CVE-2008-4039 | 2008-09-11 | SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. |
| CVE-2008-4040 | 2008-09-11 | Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. |
| CVE-2008-4041 | 2008-09-11 | The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticated users to cause a denial of service (resource consumption and daemon crash) via a long IMAP APPEND... |
| CVE-2008-4043 | 2008-09-11 | Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. |
| CVE-2008-4044 | 2008-09-11 | SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter. |
| CVE-2008-4045 | 2008-09-11 | Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3)... |
| CVE-2008-4046 | 2008-09-11 | SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2008-4047 | 2008-09-11 | Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap... |
| CVE-2008-4048 | 2008-09-11 | Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to... |
| CVE-2008-4049 | 2008-09-11 | A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. |
| CVE-2008-4050 | 2008-09-11 | A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2)... |
| CVE-2008-4051 | 2008-09-11 | Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information... |
| CVE-2008-4052 | 2008-09-11 | Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service... |
| CVE-2008-4053 | 2008-09-11 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1)... |
| CVE-2008-4054 | 2008-09-11 | SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4056 | 2008-09-11 | Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information... |
| CVE-2008-4057 | 2008-09-11 | Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem." |
| CVE-2008-4055 | 2008-09-11 | SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. |
| CVE-2008-2932 | 2008-09-12 | Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input... |
| CVE-2008-3274 | 2008-09-12 | The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the... |
| CVE-2008-3529 | 2008-09-12 | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long... |
| CVE-2008-3823 | 2008-09-12 | Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a... |
| CVE-2008-3824 | 2008-09-12 | Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary... |
| CVE-2008-3889 | 2008-09-12 | Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local... |
| CVE-2008-4071 | 2008-09-15 | A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via... |
| CVE-2008-4072 | 2008-09-15 | Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid... |
| CVE-2008-4073 | 2008-09-15 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. |
| CVE-2008-4074 | 2008-09-15 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| CVE-2008-4075 | 2008-09-15 | Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. |
| CVE-2008-4076 | 2008-09-15 | Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57... |
| CVE-2008-4077 | 2008-09-15 | The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST... |
| CVE-2008-4078 | 2008-09-15 | SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via... |
| CVE-2008-4079 | 2008-09-15 | Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution... |
| CVE-2008-4080 | 2008-09-15 | SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter... |
| CVE-2008-4081 | 2008-09-15 | admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. |
| CVE-2008-4082 | 2008-09-15 | SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search... |
| CVE-2008-4083 | 2008-09-15 | Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action... |
| CVE-2008-4084 | 2008-09-15 | SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. |
| CVE-2008-4085 | 2008-09-15 | plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. |
| CVE-2008-4086 | 2008-09-15 | SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. |
| CVE-2008-4087 | 2008-09-15 | Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with... |
| CVE-2008-4088 | 2008-09-15 | SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| CVE-2008-4089 | 2008-09-15 | Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. |
| CVE-2008-4090 | 2008-09-15 | SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than... |