The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-2282 | admin.php in Internet Photoshow and Internet Photoshow Special Edition (SE) allows remote attackers to bypass authentication by setting the login_admin cookie to true. | High | May 20, 2008 |
| CVE-2008-2281 | Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document. | High | May 19, 2008 |
| CVE-2008-2280 | Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | May 19, 2008 |
| CVE-2008-2279 | Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table. | Medium | May 19, 2008 |
| CVE-2008-2278 | SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action. | High | May 20, 2008 |
| CVE-2008-2277 | SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | High | May 20, 2008 |
| CVE-2008-2276 | Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows remote attackers to create Unchanged administrative users via user_create. | Medium | May 20, 2008 |
| CVE-2008-2275 | Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | High | May 20, 2008 |
| CVE-2008-2274 | Cross-site scripting (XSS) vulnerability in the sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | May 19, 2008 |
| CVE-2008-2273 | Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors. | High | May 20, 2008 |
| CVE-2008-2272 | Mltiple cross-site scripting (XSS) vulnerabilities in the web interface in Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.5.x, 2.5.6.x, 3.1.1.x, 3.2.0.x, and 3.3.1.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | May 19, 2008 |
| CVE-2008-2271 | The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the access content permission to list tables and obtain session IDs from the database. | High | May 20, 2008 |
| CVE-2008-2270 | Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in templateindex.php. | High | May 20, 2008 |
| CVE-2008-2269 | AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers to bypass authentication and gain privileges by setting the gastracker_admin cookie to TRUE. | High | May 19, 2008 |
| CVE-2008-2268 | Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs. | Medium | May 20, 2008 |
| CVE-2008-2267 | Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/. | High | May 20, 2008 |
| CVE-2008-2266 | uulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression. | Medium | May 20, 2008 |
| CVE-2008-2265 | SQL injection vulnerability in Unchangeds.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter. | High | May 20, 2008 |
| CVE-2008-2264 | Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 allows remote attackers to inject arbitrary web script or HTML via the msg_erreur parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | May 20, 2008 |
| CVE-2008-2263 | SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc. | High | May 20, 2008 |
| CVE-2008-2259 | Microsoft Internet Explorer 6 and 7 does not perform proper argument validation during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka HTML Component Handling Vulnerability. | High | Aug 13, 2008 |
| CVE-2008-2258 | Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2257, aka HTML Objects Memory Corruption Vulnerability. | High | Aug 13, 2008 |
| CVE-2008-2257 | Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2258, aka HTML Objects Memory Corruption Vulnerability. | High | Aug 13, 2008 |
| CVE-2008-2256 | Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka Uninitialized Memory Corruption Vulnerability. | High | Aug 13, 2008 |
| CVE-2008-2255 | Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka HTML Object Memory Corruption Vulnerability. | High | Aug 13, 2008 |
| CVE-2008-2254 | Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka HTML Object Memory Corruption Vulnerability. | High | Aug 13, 2008 |
| CVE-2008-2253 | Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka Windows Media Player Sampling Rate Vulnerability.http://www.microsoft.com/technet/security/Bulletin/MS08-054.mspx Security updates are available from Microsoft Update, Windows Update, and Office Update. Security updates are also available from the Microsoft Download Center. You can find them most easily by doing a keyword search for security update. *Windows Server 2008 server core installation not affected. The vulnerability addressed by this update does not affect supported editions of Windows Server 2008 if Windows Server 2008 was installed using the Server Core installation option, even though the files affected by this vulnerability may be present on the system. However, users with the affected files will still be offered this update because the update files are Unchangeder (with higher version numbers) than the files that are currently on your system. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options. | High | Sep 11, 2008 |
| CVE-2008-2252 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka Windows Kernel Memory Corruption Vulnerability. | High | Oct 15, 2008 |
| CVE-2008-2251 | Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka Windows Kernel Unhandled Exception Vulnerability. NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510. | High | Oct 15, 2008 |
| CVE-2008-2250 | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a Unchanged window, which allows local users to gain privileges via a crafted application, aka Windows Kernel Window Creation Vulnerability. | High | Oct 15, 2008 |
| CVE-2008-2249 | Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka GDI Integer Overflow Vulnerability. | High | Dec 10, 2008 |
| CVE-2008-2248 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 and 2007 up to SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247. | Medium | Jul 11, 2008 |
| CVE-2008-2247 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 and 2007 up to SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248. | Medium | Jul 9, 2008 |
| CVE-2008-2246 | Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | High | Aug 14, 2008 |
| CVE-2008-2245 | Heap-based buffer overflow in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. | High | Aug 13, 2008 |
| CVE-2008-2244 | Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. | High | Jul 10, 2008 |
| CVE-2008-2242 | Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function. | High | May 21, 2008 |
| CVE-2008-2241 | Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file. | High | May 21, 2008 |
| CVE-2008-2240 | Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header. | High | May 22, 2008 |
| CVE-2008-2238 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted EMF file associated with a StarOffice/StarSuite document. | High | Nov 4, 2008 |
| CVE-2008-2237 | Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document. | High | Nov 4, 2008 |
| CVE-2008-2236 | Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information. | Medium | Oct 3, 2008 |
| CVE-2008-2235 | OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN. | Medium | Aug 4, 2008 |
| CVE-2008-2234 | Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote attackers to execute arbitrary code via a crafted Authorization: Basic HTTP header. | High | Aug 19, 2008 |
| CVE-2008-2233 | The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. | High | Aug 19, 2008 |
| CVE-2008-2232 | The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname. | Medium | Jul 17, 2008 |
| CVE-2008-2231 | SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter. | High | Jun 6, 2008 |
| CVE-2008-2230 | Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory. | Medium | Jun 11, 2008 |
| CVE-2008-2228 | PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter. | Medium | May 15, 2008 |
| CVE-2008-2227 | Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | May 15, 2008 |
