The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2008-2788 | Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | Medium | Jun 23, 2008 |
CVE-2008-2789 | SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | High | Jun 23, 2008 |
CVE-2008-2790 | SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Jun 23, 2008 |
CVE-2008-2791 | SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Jun 23, 2008 |
CVE-2008-2792 | SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter. | High | Jun 23, 2008 |
CVE-2008-2793 | SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | High | Jun 23, 2008 |
CVE-2008-2795 | Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\\ (dot dot backslash) in a response to a LIST command. | Medium | Jun 23, 2008 |
CVE-2008-2796 | SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | High | Jun 23, 2008 |
CVE-2008-2797 | Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Jun 23, 2008 |
CVE-2008-2813 | Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | Medium | Jun 23, 2008 |
CVE-2008-2814 | Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Jun 23, 2008 |
CVE-2008-2815 | SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Jun 23, 2008 |
CVE-2008-2816 | SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572. | High | Jun 23, 2008 |
CVE-2008-2817 | SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action. | High | Jun 23, 2008 |
CVE-2008-2818 | Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the section parameter to the default URI. | Medium | Jun 23, 2008 |
CVE-2008-2819 | SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jun 23, 2008 |
CVE-2008-2820 | Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | Medium | Jun 23, 2008 |
CVE-2008-2821 | Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. | Medium | Jun 23, 2008 |
CVE-2008-2822 | Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command. | Medium | Jun 23, 2008 |
CVE-2008-2823 | SQL injection vulnerability in Unchangedsarchive.php in PHPeasyblog (formerly phpeasyUnchangeds) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. | High | Jun 23, 2008 |
CVE-2008-2824 | Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors. | High | Jun 23, 2008 |
CVE-2008-2825 | Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jun 23, 2008 |
CVE-2008-2827 | The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. | Medium | Jun 23, 2008 |
CVE-2008-2828 | Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX commands containing a large UBX payload length field. | Medium | Jun 23, 2008 |
CVE-2008-2829 | php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request, which triggers an rfc822.c legacy routine buffer overflow error message. | Medium | Jun 23, 2008 |
CVE-2008-2830 | ARDAgent in Apple Mac OS X 10.4 and 10.5 allows local users to gain privileges via an osascript tell command. | High | Jun 23, 2008 |
CVE-2008-0071 | The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | Medium | Jun 20, 2008 |
CVE-2008-2360 | Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. | High | Jun 20, 2008 |
CVE-2008-2665 | Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. | Medium | Jun 20, 2008 |
CVE-2008-2666 | Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. | Medium | Jun 20, 2008 |
CVE-2008-2708 | Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv_93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files. | Medium | Jun 20, 2008 |
CVE-2008-2721 | Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a Unchanged album to a hidden album. | Medium | Jun 20, 2008 |
CVE-2008-2724 | Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions. | Medium | Jun 20, 2008 |
CVE-2008-2744 | Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors and an obscure method. NOTE: the vector is probably in the redirect parameter to the Admin Control Panel (admincp/index.php). | Medium | Jun 20, 2008 |
CVE-2008-2746 | SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter. | High | Jun 20, 2008 |
CVE-2008-2779 | Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder. | High | Jun 20, 2008 |
CVE-2008-2782 | Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. | High | Jun 20, 2008 |
CVE-2008-2784 | The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command. | Medium | Jun 20, 2008 |
CVE-2008-2794 | Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors. | Medium | Jun 20, 2008 |
CVE-2008-2639 | Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222. | High | Jun 19, 2008 |
CVE-2008-2764 | Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors (all fields). | Low | Jun 19, 2008 |
CVE-2008-1377 | The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | High | Jun 17, 2008 |
CVE-2008-1379 | Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. | Medium | Jun 17, 2008 |
CVE-2008-1806 | Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. | High | Jun 17, 2008 |
CVE-2008-2366 | Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path. | Medium | Jun 17, 2008 |
CVE-2008-2705 | Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors. | High | Jun 17, 2008 |
CVE-2008-2706 | Unspecified vulnerability in the event port implementation in Sun Solaris 10 allows local users to cause a denial of service (panic) by submitting and retrieving user-defined events, probably related to a NULL dereference. | Medium | Jun 17, 2008 |
CVE-2008-2707 | Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors. | High | Jun 17, 2008 |
CVE-2008-2364 | The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. | Medium | Jun 16, 2008 |
CVE-2008-2654 | Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler. | High | Jun 16, 2008 |