The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-5796 | SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Dec 31, 2008 |
| CVE-2008-5797 | SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Dec 31, 2008 |
| CVE-2008-5798 | SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Dec 31, 2008 |
| CVE-2008-5799 | Cross-site scripting (XSS) vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Dec 31, 2008 |
| CVE-2008-5802 | SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | High | Dec 31, 2008 |
| CVE-2008-5804 | SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | High | Dec 31, 2008 |
| CVE-2008-5805 | SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828. | High | Dec 31, 2008 |
| CVE-2008-5806 | SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information. | High | Dec 31, 2008 |
| CVE-2008-4270 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5416. Reason: This candidate is a duplicate of CVE-2008-5416. Notes: All CVE users should reference CVE-2008-5416 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | REJECT | Dec 30, 2008 |
| CVE-2008-4539 | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX bitblt heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. | High | Dec 30, 2008 |
| CVE-2008-5746 | Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.http://sunsolve.sun.com/search/document.do?assetkey=1-26-248646-1 This issue can occur in the following releases: SPARC Platform * Sun SNMP Management Agent SUNWmasf 1.4u2 thru 1.5.4 (For Solaris 8, 9 and 10) | Medium | Dec 30, 2008 |
| CVE-2008-5747 | F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a corrupted header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor. | Medium | Dec 30, 2008 |
| CVE-2008-5748 | Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | Medium | Dec 30, 2008 |
| CVE-2008-5749 | ** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome will ask for user permission and cannot launch the applet even [if] you have given out the permission. | Medium | Dec 30, 2008 |
| CVE-2008-5750 | Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. | Medium | Dec 30, 2008 |
| CVE-2008-5751 | SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action. | High | Dec 30, 2008 |
| CVE-2008-5752 | Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information. | Medium | Dec 30, 2008 |
| CVE-2008-5753 | Stack-based buffer overflow in BulletProof FTP Client 2.63 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name. | High | Dec 30, 2008 |
| CVE-2008-5754 | Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753. | High | Dec 30, 2008 |
| CVE-2008-5755 | Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494. | Medium | Dec 30, 2008 |
| CVE-2008-5756 | Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file. | Medium | Dec 30, 2008 |
| CVE-2008-5757 | Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information. | Low | Dec 30, 2008 |
| CVE-2008-5758 | Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages. | Medium | Dec 30, 2008 |
| CVE-2008-5759 | Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Dec 30, 2008 |
| CVE-2008-5760 | Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. | Medium | Dec 30, 2008 |
| CVE-2008-5498 | Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. | Medium | Dec 29, 2008 |
| CVE-2008-5717 | Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Dec 29, 2008 |
| CVE-2008-5718 | The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers to execute arbitrary commands via shell metacharacters in a print request. NOTE: some of these details are obtained from third party information. | High | Dec 29, 2008 |
| CVE-2008-5719 | Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Dec 29, 2008 |
| CVE-2008-5720 | Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions. | Medium | Dec 29, 2008 |
| CVE-2008-5721 | SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | Medium | Dec 29, 2008 |
| CVE-2008-5722 | Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file. | High | Dec 29, 2008 |
| CVE-2008-5723 | Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors. | Medium | Dec 29, 2008 |
| CVE-2008-5724 | The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \\Device\\Epfw that overwrites portions of memory. | High | Dec 29, 2008 |
| CVE-2008-5725 | The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \\Device\\Powerstrip1 that overwrites portions of memory. | High | Dec 29, 2008 |
| CVE-2008-5726 | SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Dec 29, 2008 |
| CVE-2008-5727 | SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string. | Medium | Dec 29, 2008 |
| CVE-2008-5728 | Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/. | Medium | Dec 29, 2008 |
| CVE-2008-5729 | Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php. | Medium | Dec 29, 2008 |
| CVE-2008-5730 | Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a sequence in a cookie and (2) the add.php file. | High | Dec 29, 2008 |
| CVE-2008-5731 | The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a Driver Collapse. NOTE: some of these details are obtained from third party information. | Low | Dec 29, 2008 |
| CVE-2008-5732 | Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | High | Dec 29, 2008 |
| CVE-2008-5733 | SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Dec 29, 2008 |
| CVE-2008-5734 | Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. | Medium | Dec 29, 2008 |
| CVE-2008-5735 | Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file. | High | Dec 29, 2008 |
| CVE-2008-5736 | Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are not properly initialized for (1) netgraph sockets and (2) bluetooth sockets. | High | Dec 29, 2008 |
| CVE-2008-5737 | SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter. | High | Dec 29, 2008 |
| CVE-2008-5738 | Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | High | Dec 29, 2008 |
| CVE-2008-5739 | SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. | High | Dec 29, 2008 |
| CVE-2008-5742 | Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an HTTP Response Splitting section in the original disclosure. | Medium | Dec 29, 2008 |
