Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

172331 entries
ID  Description  Priority  Modified date
CVE-2008-1314 SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php. High Mar 13, 2008
CVE-2008-1313 Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors. High Mar 13, 2008
CVE-2008-1312 Unspecified vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to cause a denial of service (daemon crash) via a long TFTP packet, a different vulnerability than CVE-2008-1311. Medium Mar 13, 2008
CVE-2008-1311 The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312. Medium Mar 13, 2008
CVE-2008-1310 Directory traversal vulnerability in the TFTP server in PacketTrap Networks pt360 Tool Suite 1.1.33.1.0, and other versions before 2.0.3900.0, allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname. High Mar 13, 2008
CVE-2008-1309 The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll 6.0.10.45 in RealNetworks RealPlayer 11.0.1 build 6.0.14.794 does not properly manage memory for the Console property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. NOTE: some of these details are obtained from third party information. High Mar 13, 2008
CVE-2008-1308 SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php. High Mar 13, 2008
CVE-2008-1307 Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method. High Mar 13, 2008
CVE-2008-1306 Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content Manager (CM) allow remote attackers to inject arbitrary web script or HTML via the searchterms parameter to (1) searchresults.cfm, (2) search_results.cfm, and (3) search_results/index.cfm. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Mar 13, 2008
CVE-2008-1305 SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. High Mar 13, 2008
CVE-2008-1304 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php. Medium Mar 13, 2008
CVE-2008-1303 The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. Medium Mar 13, 2008
CVE-2008-1302 The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. Medium Mar 13, 2008
CVE-2008-1301 Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter. Medium Mar 13, 2008
CVE-2008-1300 Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045. Medium Mar 13, 2008
CVE-2008-1299 Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Windows allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Mar 13, 2008
CVE-2008-1298 SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php. High Mar 13, 2008
CVE-2008-1297 SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. High Mar 13, 2008
CVE-2008-1296 Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery 1.11.2 allow remote attackers to inject arbitrary web script or HTML via the file parameter to (1) watermark.php and (2) catalog_watermark.php in core/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Mar 13, 2008
CVE-2008-1295 SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter. Medium Mar 13, 2008
CVE-2008-1294 Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. Low May 5, 2008
CVE-2008-1293 ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display Medium Apr 29, 2008
CVE-2008-1292 ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters. Medium Mar 25, 2008
CVE-2008-1291 ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder. Medium Mar 25, 2008
CVE-2008-1290 ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information. Medium Mar 25, 2008
CVE-2008-1289 Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c. High Mar 25, 2008
CVE-2008-1288 IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies. Medium Mar 12, 2008
CVE-2008-1287 IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames. Medium Mar 12, 2008
CVE-2008-1286 Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. High Mar 12, 2008
CVE-2008-1285 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Medium Mar 12, 2008
CVE-2008-1284 Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. Medium Mar 11, 2008
CVE-2008-1283 Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 allows remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in the 404 error page. Medium Mar 11, 2008
CVE-2008-1282 Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter. High Mar 11, 2008
CVE-2008-1281 Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. Medium Mar 11, 2008
CVE-2008-1280 Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. Medium Mar 11, 2008
CVE-2008-1279 Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. Medium Mar 11, 2008
CVE-2008-1278 The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: the service is automatically restarted. Medium Mar 11, 2008
CVE-2008-1277 The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference. High Mar 11, 2008
CVE-2008-1276 Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands. High Mar 11, 2008
CVE-2008-1275 Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands. High Mar 11, 2008
CVE-2008-1274 Untrusted search path vulnerability in man in IBM AIX 6.1.0 invokes binaries without full pathnames, which allows local users to execute arbitrary code via a malicious program in the man directory. High Mar 11, 2008
CVE-2008-1273 Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Medium Mar 11, 2008
CVE-2008-1272 Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php. High Mar 11, 2008
CVE-2008-1271 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1218. Reason: This candidate is a duplicate of CVE-2008-1218. Notes: All CVE users should reference CVE-2008-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Low Mar 12, 2008
CVE-2008-1270 mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. Medium Mar 11, 2008
CVE-2008-1269 cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus Wi-Fi router does not verify authentication credentials, which allows remote attackers to disable Wi-Fi encryption via a certain request. High Mar 11, 2008
CVE-2008-1268 The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. High Mar 11, 2008
CVE-2008-1267 The Siemens SpeedStream 6520 router allows remote attackers to cause a denial of service (web interface crash) via an HTTP request to basehelp_English.htm with a large integer in the Content-Length field. High Mar 11, 2008
CVE-2008-1266 Multiple buffer overflows in the web interface on the D-Link DI-524 router allow remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact via (1) a long username or (2) an HTTP header with a large name and an empty value. High Mar 11, 2008
CVE-2008-1265 The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. High Mar 11, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.