The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-1646 | SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | High | Apr 3, 2008 |
| CVE-2008-1645 | Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter. | High | Apr 3, 2008 |
| CVE-2008-1644 | SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Apr 3, 2008 |
| CVE-2008-1643 | Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. | High | Apr 3, 2008 |
| CVE-2008-1642 | Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Apr 3, 2008 |
| CVE-2008-1641 | SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter. | High | Apr 3, 2008 |
| CVE-2008-1640 | SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action. | High | Apr 3, 2008 |
| CVE-2008-1639 | SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php. | High | Apr 3, 2008 |
| CVE-2008-1638 | Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse. | Medium | Apr 3, 2008 |
| CVE-2008-1637 | PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information. | Medium | Apr 3, 2008 |
| CVE-2008-1636 | Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Apr 3, 2008 |
| CVE-2008-1635 | Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected. | High | Apr 3, 2008 |
| CVE-2008-1634 | Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Apr 3, 2008 |
| CVE-2008-1633 | Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE. | Medium | Apr 3, 2008 |
| CVE-2008-1632 | Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Apr 3, 2008 |
| CVE-2008-1631 | SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php. | High | Apr 3, 2008 |
| CVE-2008-1630 | Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/. | High | Apr 2, 2008 |
| CVE-2008-1629 | Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Apr 2, 2008 |
| CVE-2008-1628 | Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information. | Medium | Apr 2, 2008 |
| CVE-2008-1627 | CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID. | Medium | Apr 2, 2008 |
| CVE-2008-1626 | SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. | High | Apr 2, 2008 |
| CVE-2008-1625 | aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests. | Medium | Apr 2, 2008 |
| CVE-2008-1624 | Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter. | High | Apr 2, 2008 |
| CVE-2008-1623 | SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter. | High | Apr 2, 2008 |
| CVE-2008-1622 | Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Apr 2, 2008 |
| CVE-2008-1621 | Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Apr 2, 2008 |
| CVE-2008-1620 | Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename. | High | Apr 2, 2008 |
| CVE-2008-1619 | The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | Medium | Apr 2, 2008 |
| CVE-2008-1618 | The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes during depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames. | Medium | Apr 8, 2008 |
| CVE-2008-1617 | Double free vulnerability in Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite Web 8.2 before SP1 P2, allows remote attackers to execute arbitrary code via JavaScript that sets the Server property to a string, then sets the string to null. | High | Apr 8, 2008 |
| CVE-2008-1615 | Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | Medium | May 8, 2008 |
| CVE-2008-1614 | suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges. | Medium | Apr 2, 2008 |
| CVE-2008-1613 | SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter. | High | Apr 22, 2008 |
| CVE-2008-1612 | The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. | Medium | Apr 1, 2008 |
| CVE-2008-1611 | Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request. | High | Apr 1, 2008 |
| CVE-2008-1610 | Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request. | High | Apr 1, 2008 |
| CVE-2008-1609 | Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127. | Medium | Apr 1, 2008 |
| CVE-2008-1608 | SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Apr 1, 2008 |
| CVE-2008-1607 | SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter. | Medium | Apr 1, 2008 |
| CVE-2008-1606 | Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp. | Medium | Apr 1, 2008 |
| CVE-2008-1605 | The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. | High | Apr 1, 2008 |
| CVE-2008-1604 | Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Apr 1, 2008 |
| CVE-2008-1603 | Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form. | Medium | Apr 1, 2008 |
| CVE-2008-1602 | Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed. | High | Apr 7, 2008 |
| CVE-2008-1601 | Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges. | HIGH | Sep 29, 2017 |
| CVE-2008-1600 | The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329. | HIGH | Sep 29, 2017 |
| CVE-2008-1599 | The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | HIGH | Sep 29, 2017 |
| CVE-2008-1598 | The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. | MEDIUM | Mar 8, 2011 |
| CVE-2008-1597 | The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior." | MEDIUM | Sep 29, 2017 |
| CVE-2008-1596 | Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680. | HIGH | Mar 8, 2011 |
