The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2008-0727 | Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. | High | Mar 18, 2008 | n/a |
| CVE-2008-0726 | Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0725 | Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702. | High | Feb 12, 2008 | n/a |
| CVE-2008-0724 | The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0723 | Cross-site scripting (XSS) vulnerability in myUnchangeds.inc.php in MyUnchangeds 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0722 | Cross-site scripting (XSS) vulnerability in index.php in Pagetool 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter in a pagetool_search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0721 | SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter. | High | Feb 12, 2008 | n/a |
| CVE-2008-0720 | Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0719 | SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. | High | Feb 12, 2008 | n/a |
| CVE-2008-0718 | Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors. | Medium | Feb 25, 2008 | n/a |
| CVE-2008-0717 | Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0716 | The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 allows local users to gain privileges via a "Shatter" style attack. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0715 | Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file. NOTE: this might be the same as CVE-2007-6009. | High | Feb 22, 2008 | n/a |
| CVE-2008-0714 | SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action. | Medium | Feb 22, 2008 | n/a |
| CVE-2008-0713 | Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors. | Medium | May 13, 2008 | n/a |
| CVE-2008-0712 | Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513. | Medium | Apr 28, 2008 | n/a |
| CVE-2008-0711 | Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors. | High | Apr 8, 2008 | n/a |
| CVE-2008-0710 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2008-0709 | Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214. | Medium | Apr 8, 2008 | n/a |
| CVE-2008-0708 | HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) 442085-B21 for certain HP ProLiant servers contain the (a) W32.Fakerecy and (b) W32.SillyFDC worms, which might be launched if the server does not have up-to-date detection. | Medium | Apr 7, 2008 | n/a |
| CVE-2008-0707 | HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors. | High | Mar 20, 2008 | n/a |
| CVE-2008-0706 | Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password. | HIGH | Aug 8, 2017 | n/a |
| CVE-2008-0705 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2008-0704 | Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors. | High | Mar 31, 2008 | n/a |
| CVE-2008-0703 | Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0702 | Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641. | High | Feb 22, 2008 | n/a |
| CVE-2008-0701 | ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a Unchanged item, possibly involving addition of arbitrary Unchanged content. | Medium | Feb 22, 2008 | n/a |
| CVE-2008-0700 | Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0699 | Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before 8.2 Fixpak 16 has unknown impact and attack vectors. | High | Feb 12, 2008 | n/a |
| CVE-2008-0698 | Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | High | Feb 12, 2008 | n/a |
| CVE-2008-0697 | Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | High | Feb 12, 2008 | n/a |
| CVE-2008-0696 | IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | High | Feb 12, 2008 | n/a |
| CVE-2008-0695 | SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action. | High | Feb 12, 2008 | n/a |
| CVE-2008-0694 | Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0693 | Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 Client Billing and Authentication 7.0.127.16 allows remote attackers to cause a denial of service (service outage) via a series of long packets to TCP port 48101. | High | Feb 12, 2008 | n/a |
| CVE-2008-0692 | SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | High | Feb 12, 2008 | n/a |
| CVE-2008-0691 | Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0690 | SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action. | High | Feb 12, 2008 | n/a |
| CVE-2008-0689 | SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action. | High | Feb 12, 2008 | n/a |
| CVE-2008-0688 | Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript Domain Trader 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a viewcategory action. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0687 | Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter. | High | Feb 12, 2008 | n/a |
| CVE-2008-0686 | SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | High | Feb 12, 2008 | n/a |
| CVE-2008-0685 | SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | High | Feb 12, 2008 | n/a |
| CVE-2008-0684 | Cross-site scripting (XSS) vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to inject arbitrary web script or HTML via the CatID parameter. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0683 | SQL injection vulnerability in shiftthis-preview.php in the st_Unchangedsletter plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the Unchangedsletter parameter. | High | Feb 12, 2008 | n/a |
| CVE-2008-0682 | SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Feb 26, 2008 | n/a |
| CVE-2008-0681 | SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0680 | SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request. | High | Feb 12, 2008 | n/a |
| CVE-2008-0679 | Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | Medium | Feb 12, 2008 | n/a |
| CVE-2008-0678 | SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action. | Medium | Feb 12, 2008 | n/a |
