The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-3449 | MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. | Medium | Aug 4, 2008 |
| CVE-2008-3450 | Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors. | High | Aug 4, 2008 |
| CVE-2008-1376 | A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on Red Hat Enterprise Linux (RHEL) 5 omits TCP wrappers support, which might allow remote attackers to bypass intended access restrictions. | High | Aug 1, 2008 |
| CVE-2008-1662 | Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an empty systems list. | High | Aug 1, 2008 |
| CVE-2008-1810 | Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable. | Medium | Aug 1, 2008 |
| CVE-2008-3265 | SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | Medium | Aug 1, 2008 |
| CVE-2008-3268 | Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information. | Medium | Aug 1, 2008 |
| CVE-2008-3288 | The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a weak hash algorithm, which makes it easier for context-dependent attackers to recover passwords. | Medium | Aug 1, 2008 |
| CVE-2008-3291 | SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Aug 1, 2008 |
| CVE-2008-3293 | Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter. | Medium | Aug 1, 2008 |
| CVE-2008-3295 | Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Aug 1, 2008 |
| CVE-2008-3296 | Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Aug 1, 2008 |
| CVE-2008-3297 | Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php. | High | Aug 1, 2008 |
| CVE-2008-3298 | SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code. | Medium | Aug 1, 2008 |
| CVE-2008-3299 | eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Aug 1, 2008 |
| CVE-2008-3300 | AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Aug 1, 2008 |
| CVE-2008-3301 | Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_Unchanged_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information. | Low | Aug 1, 2008 |
| CVE-2008-3302 | SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter. | Medium | Aug 1, 2008 |
| CVE-2008-3303 | admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | Medium | Aug 1, 2008 |
| CVE-2008-3304 | BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message. | Medium | Aug 1, 2008 |
| CVE-2008-3305 | Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | Medium | Aug 1, 2008 |
| CVE-2008-3308 | PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter. | Medium | Aug 1, 2008 |
| CVE-2008-3310 | SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter. | High | Aug 1, 2008 |
| CVE-2008-3311 | PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | High | Aug 1, 2008 |
| CVE-2008-3312 | Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor. | Medium | Aug 1, 2008 |
| CVE-2008-3314 | ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference. | Medium | Aug 1, 2008 |
| CVE-2008-3317 | admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | High | Aug 1, 2008 |
| CVE-2008-3321 | admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | High | Aug 1, 2008 |
| CVE-2008-3326 | Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | Low | Aug 1, 2008 |
| CVE-2008-3328 | Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | Medium | Aug 1, 2008 |
| CVE-2008-3329 | Unspecified vulnerability in Links before 2.1, when only proxies is enabled, has unknown impact and attack vectors related to providing URLs to external programs. | High | Aug 1, 2008 |
| CVE-2008-3335 | Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. | High | Aug 1, 2008 |
| CVE-2008-3371 | Directory traversal vulnerability in install/help.php in TalkBack 2.3.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | High | Aug 1, 2008 |
| CVE-2008-3372 | SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. | High | Aug 1, 2008 |
| CVE-2008-3374 | SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. | High | Aug 1, 2008 |
| CVE-2008-3375 | The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. | High | Aug 1, 2008 |
| CVE-2008-3376 | Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. | High | Aug 1, 2008 |
| CVE-2008-3377 | SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | High | Aug 1, 2008 |
| CVE-2008-3378 | SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | High | Aug 1, 2008 |
| CVE-2008-3379 | Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Aug 1, 2008 |
| CVE-2008-3380 | Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter. | Medium | Aug 1, 2008 |
| CVE-2008-3381 | Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Aug 1, 2008 |
| CVE-2008-3382 | SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | High | Aug 1, 2008 |
| CVE-2008-3383 | SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action. | High | Aug 1, 2008 |
| CVE-2008-3384 | Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters. | High | Aug 1, 2008 |
| CVE-2008-3385 | Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | Medium | Aug 1, 2008 |
| CVE-2008-3386 | SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. | High | Aug 1, 2008 |
| CVE-2008-3387 | SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. | High | Aug 1, 2008 |
| CVE-2008-3388 | Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php. | High | Aug 1, 2008 |
| CVE-2008-3390 | Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | Medium | Aug 1, 2008 |
