The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2008-3043 | Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to certain file types. | High | Jul 11, 2008 | n/a |
| CVE-2008-3042 | Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to Improper Error Handling. | High | Jul 8, 2008 | n/a |
| CVE-2008-3041 | Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to broken access control. | High | Jul 14, 2008 | n/a |
| CVE-2008-3040 | Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | Medium | Jul 11, 2008 | n/a |
| CVE-2008-3039 | SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 14, 2008 | n/a |
| CVE-2008-3038 | SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 11, 2008 | n/a |
| CVE-2008-3037 | Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 14, 2008 | n/a |
| CVE-2008-3036 | Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter. | High | Jul 11, 2008 | n/a |
| CVE-2008-3035 | SQL injection vulnerability in UnchangedThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter. | Medium | Jul 14, 2008 | n/a |
| CVE-2008-3034 | Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php. | High | Jul 14, 2008 | n/a |
| CVE-2008-3033 | RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php. | High | Jul 14, 2008 | n/a |
| CVE-2008-3032 | Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 14, 2008 | n/a |
| CVE-2008-3031 | Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. | High | Jul 11, 2008 | n/a |
| CVE-2008-3030 | SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action. | High | Jul 14, 2008 | n/a |
| CVE-2008-3029 | Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 14, 2008 | n/a |
| CVE-2008-3028 | Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 14, 2008 | n/a |
| CVE-2008-3027 | SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php. | High | Jul 11, 2008 | n/a |
| CVE-2008-3026 | SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Jul 11, 2008 | n/a |
| CVE-2008-3025 | SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action. | High | Jul 14, 2008 | n/a |
| CVE-2008-3024 | Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/. | Medium | Jul 7, 2008 | n/a |
| CVE-2008-3023 | Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799. | Medium | Jul 7, 2008 | n/a |
| CVE-2008-3022 | Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters. | High | Jul 7, 2008 | n/a |
| CVE-2008-3021 | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the PICT Filter Parsing Vulnerability, a different vulnerability than CVE-2008-3018. | High | Aug 14, 2008 | n/a |
| CVE-2008-3020 | Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the Malformed BMP Filter Vulnerability. | High | Aug 14, 2008 | n/a |
| CVE-2008-3019 | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the Malformed EPS Filter Vulnerability. | High | Aug 14, 2008 | n/a |
| CVE-2008-3018 | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the Malformed PICT Filter Vulnerability, a different vulnerability than CVE-2008-3021. | High | Aug 14, 2008 | n/a |
| CVE-2008-3017 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2008-3016 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2008-3015 | Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka GDI+ BMP Integer Overflow Vulnerability. | High | Sep 17, 2008 | n/a |
| CVE-2008-3014 | Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka GDI+ WMF Buffer Overrun Vulnerability. | High | Sep 11, 2008 | n/a |
| CVE-2008-3013 | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a GIF image file with a malformed graphic control extension, aka GDI+ GIF Parsing Vulnerability. | High | Sep 17, 2008 | n/a |
| CVE-2008-3012 | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka GDI+ EMF Memory Corruption Vulnerability. | High | Sep 17, 2008 | n/a |
| CVE-2008-3011 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2008-3010 | Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka ISATAP Vulnerability. | High | Dec 10, 2008 | n/a |
| CVE-2008-3009 | Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka SPN Vulnerability. | High | Dec 10, 2008 | n/a |
| CVE-2008-3008 | Buffer overflow in a certain ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via unspecified vectors, aka Windows Media Encoder Buffer Overrun Vulnerability. | High | Sep 11, 2008 | n/a |
| CVE-2008-3007 | Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka Uniform Resource Locator Validation Error Vulnerability. | High | Sep 11, 2008 | n/a |
| CVE-2008-3006 | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the Excel Record Parsing Vulnerability. | High | Aug 13, 2008 | n/a |
| CVE-2008-3005 | Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac, do not properly validate an unspecified array index when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the Excel Index Array Vulnerability. | High | Aug 14, 2008 | n/a |
| CVE-2008-3004 | Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the Excel Indexing Validation Vulnerability. | High | Aug 13, 2008 | n/a |
| CVE-2008-3003 | Microsoft Office Excel 2007 Gold and SP1, does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the Excel Credential Caching Vulnerability. | Medium | Aug 14, 2008 | n/a |
| CVE-2008-3002 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2008-3001 | The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | High | Jul 15, 2008 | n/a |
| CVE-2008-3000 | The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access modules are used, does not properly implement access control, which allows remote attackers to bypass intended restrictions. | Medium | Jul 15, 2008 | n/a |
| CVE-2008-2999 | Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | High | Jul 4, 2008 | n/a |
| CVE-2008-2998 | Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Jul 4, 2008 | n/a |
| CVE-2008-2997 | Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postUnchangedsubmit (aka create Unchanged thread) action. | Medium | Jul 4, 2008 | n/a |
| CVE-2008-2996 | Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action. | Medium | Jul 4, 2008 | n/a |
| CVE-2008-2995 | Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php. | High | Jul 4, 2008 | n/a |
| CVE-2008-2994 | Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to inject arbitrary web script or HTML via the (1) annuaire parameter to (a) last_records.php and (b) annuaire.php and the (2) by and (3) cat_id parameters to annuaire.php. | Medium | Jul 4, 2008 | n/a |
