The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-7172 | Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions. | High | Sep 8, 2009 |
| CVE-2008-7173 | The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage. | High | Sep 9, 2009 |
| CVE-2008-7174 | Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions. | High | Sep 8, 2009 |
| CVE-2008-7177 | Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719. | High | Sep 16, 2009 |
| CVE-2008-7178 | Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a downloadfile action to index.php. | High | Sep 8, 2009 |
| CVE-2008-7179 | OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN_Hora, ADMIN_Logado, and ADMIN_Nome cookies to certain values, as reachable in Admin/index.php. | High | Sep 8, 2009 |
| CVE-2008-7181 | Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php. | High | Sep 9, 2009 |
| CVE-2008-7183 | PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php. | High | Sep 9, 2009 |
| CVE-2008-7188 | ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php. | High | Sep 10, 2009 |
| CVE-2008-7189 | Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to Security holes. | High | Sep 10, 2009 |
| CVE-2008-7190 | Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS). | High | Sep 10, 2009 |
| CVE-2008-7196 | Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a PATH execution security flaw, possibly an untrusted search path vulnerability. | High | Sep 10, 2009 |
| CVE-2008-7197 | Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors. | High | Sep 10, 2009 |
| CVE-2008-7198 | Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors. | High | Sep 10, 2009 |
| CVE-2008-7200 | Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors. | High | Sep 10, 2009 |
| CVE-2008-7201 | Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap. | High | Sep 11, 2009 |
| CVE-2008-7209 | Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory. | High | Sep 15, 2009 |
| CVE-2008-7210 | directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter\'s hash value, which prevents the associated $_GET[s] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat. | High | Sep 14, 2009 |
| CVE-2008-7218 | Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors. | High | Sep 16, 2009 |
| CVE-2008-7219 | Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors. | High | Sep 16, 2009 |
| CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make cross-site ajax requests via unknown vectors. | High | Sep 14, 2009 |
| CVE-2008-7224 | Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service (crash) via a crafted link. | High | Sep 14, 2009 |
| CVE-2008-7225 | Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151. | High | Sep 15, 2009 |
| CVE-2008-7226 | SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter. | High | Sep 15, 2009 |
| CVE-2008-7228 | Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101. | High | Sep 15, 2009 |
| CVE-2008-7229 | GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20). | High | Sep 14, 2009 |
| CVE-2008-7230 | Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors. | High | Sep 15, 2009 |
| CVE-2008-7232 | Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command. | High | Sep 16, 2009 |
| CVE-2008-7233 | Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator component, aka AS02. | High | Sep 15, 2009 |
| CVE-2008-7240 | Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. | High | Sep 18, 2009 |
| CVE-2008-7249 | Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167. | High | Dec 31, 2009 |
| CVE-2008-7251 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | High | Jan 28, 2010 |
| CVE-2008-7252 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. | High | Jan 28, 2010 |
| CVE-2008-7263 | ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | High | Oct 20, 2010 |
| CVE-2008-7267 | SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Dec 1, 2010 |
| CVE-2008-7300 | The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone. | High | Oct 5, 2011 |
| CVE-2008-7301 | SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Oct 5, 2011 |
| CVE-2008-7302 | SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving knowledge of ... the contents of an encrypted file. | High | Oct 5, 2011 |
| CVE-2008-7303 | The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon\'s execution of a script file, a related issue to CVE-2011-1516. | High | Nov 15, 2011 |
| CVE-2009-0001 | Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL. | High | Jan 31, 2009 |
| CVE-2009-0002 | Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms. | High | Jan 31, 2009 |
| CVE-2009-0003 | Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure. | High | Jan 31, 2009 |
| CVE-2009-0004 | Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file. | High | Jan 31, 2009 |
| CVE-2009-0005 | Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption. | High | Jan 31, 2009 |
| CVE-2009-0006 | Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow. | High | Jan 31, 2009 |
| CVE-2009-0007 | Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms. | High | Jan 31, 2009 |
| CVE-2009-0008 | Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.per http://lists.apple.com/archives/security-announce//2009/Jan/msg00001.html This issue does not affect systems running Mac OS X. | High | Jan 29, 2009 |
| CVE-2009-0010 | Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers a heap-based buffer overflow. | High | May 16, 2009 |
| CVE-2009-0011 | Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an insecure file operation on a temporary file. | High | Feb 13, 2009 |
| CVE-2009-0012 | Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted crafted Unicode string. | High | Feb 13, 2009 |
