The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-2070 | The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors. | Medium | May 12, 2008 |
| CVE-2008-2069 | Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI. | High | May 5, 2008 |
| CVE-2008-2068 | Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | May 5, 2008 |
| CVE-2008-2067 | SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. | High | May 5, 2008 |
| CVE-2008-2066 | Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. | Medium | May 5, 2008 |
| CVE-2008-2065 | SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter. | High | May 5, 2008 |
| CVE-2008-2064 | Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors. | High | May 5, 2008 |
| CVE-2008-2063 | SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter. | High | May 5, 2008 |
| CVE-2008-2062 | The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. | Medium | Jun 26, 2008 |
| CVE-2008-2061 | The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. | High | Jun 26, 2008 |
| CVE-2008-2060 | Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a specific series of jumbo Ethernet frames. | High | Jun 27, 2008 |
| CVE-2008-2059 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors. | High | Jun 5, 2008 |
| CVE-2008-2058 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device. | High | Jun 5, 2008 |
| CVE-2008-2057 | The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet. | Medium | Jun 5, 2008 |
| CVE-2008-2056 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface. | High | Jun 5, 2008 |
| CVE-2008-2055 | Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. | High | Jun 12, 2008 |
| CVE-2008-2054 | Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors. | High | May 30, 2008 |
| CVE-2008-2053 | Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account. | High | May 22, 2008 |
| CVE-2008-2052 | Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | Medium | May 5, 2008 |
| CVE-2008-2051 | The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." | High | May 6, 2008 |
| CVE-2008-2050 | Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors | High | May 6, 2008 |
| CVE-2008-2049 | The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. | Medium | May 5, 2008 |
| CVE-2008-2048 | Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. | Medium | May 9, 2008 |
| CVE-2008-2047 | Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. | High | May 9, 2008 |
| CVE-2008-2046 | Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter. | Medium | May 2, 2008 |
| CVE-2008-2045 | Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory. | Medium | May 9, 2008 |
| CVE-2008-2044 | includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. | High | May 9, 2008 |
| CVE-2008-2043 | Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. | Medium | May 9, 2008 |
| CVE-2008-2042 | The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to (1) execute arbitrary commands or (2) trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function. | High | May 8, 2008 |
| CVE-2008-2041 | Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root. | High | May 1, 2008 |
| CVE-2008-2040 | Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long (1) username or (2) password. | High | May 1, 2008 |
| CVE-2008-2039 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 |
| CVE-2008-2038 | Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | May 1, 2008 |
| CVE-2008-2037 | Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php. | Low | May 1, 2008 |
| CVE-2008-2036 | SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action. | High | May 1, 2008 |
| CVE-2008-2035 | Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) Unchangedbb_fileup 1.83 and earlier, (4) Unchangeds_embed (Unchangeds_fileup) 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | May 1, 2008 |
| CVE-2008-2034 | SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | May 1, 2008 |
| CVE-2008-2033 | Multiple unspecified vulnerabilities in ZoneMinder before 1.23.3 allow remote authenticated users to execute arbitrary code via unknown attack vectors. | High | May 1, 2008 |
| CVE-2008-2032 | The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | May 1, 2008 |
| CVE-2008-2031 | VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | May 1, 2008 |
| CVE-2008-2030 | Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 FirePass 4100 SSL VPN 5.4.2-5.5.2 and 6.0-6.2 allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | May 1, 2008 |
| CVE-2008-2029 | Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php. | High | May 1, 2008 |
| CVE-2008-2028 | miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to obtain the full path via a direct request to the glang parameter in a registerUnchanged action to index.php, which leaks the path in an error message. | Medium | May 1, 2008 |
| CVE-2008-2027 | Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an ftp URL in the url parameter to a Redirect action. | Medium | May 1, 2008 |
| CVE-2008-2026 | Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470. | Medium | May 1, 2008 |
| CVE-2008-2025 | Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to insufficient quoting of parameters. | Medium | Apr 18, 2009 |
| CVE-2008-2024 | Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registerUnchanged action. | Medium | May 1, 2008 |
| CVE-2008-2023 | Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp. | High | May 1, 2008 |
| CVE-2008-2022 | Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) toid parameter to send-private-message.asp and the (2) redirect parameter to admin/impersonate.asp. NOTE: vector 2 requires authentication. | Medium | May 1, 2008 |
| CVE-2008-2021 | Heap-based buffer overflow in Lhaplus before 1.57 allows remote attackers to execute arbitrary code via a long comment field in a ZOO archive. | High | May 1, 2008 |
