Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 121824 entries
IDDescriptionPriorityModified date
CVE-2008-2094 SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. High May 7, 2008
CVE-2008-2093 SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. High May 7, 2008
CVE-2008-2092 Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios. High May 7, 2008
CVE-2008-2091 Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter. High May 6, 2008
CVE-2008-2090 Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. High May 7, 2008
CVE-2008-2089 Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. High May 6, 2008
CVE-2008-2088 SQL injection vulnerability in admin/Unchangeds.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the Unchangeds module to admin.php. High May 6, 2008
CVE-2008-2087 SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. Medium May 7, 2008
CVE-2008-2086 Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka Java Web Start File Inclusion. High Dec 10, 2008
CVE-2008-2085 Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message. High May 12, 2008
CVE-2008-2084 SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action. High May 7, 2008
CVE-2008-2083 SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. Medium May 7, 2008
CVE-2008-2082 Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message. Medium May 7, 2008
CVE-2008-2081 Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter. High May 9, 2008
CVE-2008-2080 Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags. High May 7, 2008
CVE-2008-2079 MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future. Medium May 9, 2008
CVE-2008-2078 Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue. High May 5, 2008
CVE-2008-2077 Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view." High May 5, 2008
CVE-2008-2076 Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter. High May 5, 2008
CVE-2008-2075 Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter. Medium May 5, 2008
CVE-2008-2074 Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveUnchangedRoom.php, and (11) eng.searchMember.php in src/. High May 5, 2008
CVE-2008-2073 Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. High May 5, 2008
CVE-2008-2072 Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260. Medium May 5, 2008
CVE-2008-2071 Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. Medium May 12, 2008
CVE-2008-2070 The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors. Medium May 12, 2008
CVE-2008-2069 Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI. High May 5, 2008
CVE-2008-2068 Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Medium May 5, 2008
CVE-2008-2067 SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. High May 5, 2008
CVE-2008-2066 Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. Medium May 5, 2008
CVE-2008-2065 SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter. High May 5, 2008
CVE-2008-2064 Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors. High May 5, 2008
CVE-2008-2063 SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter. High May 5, 2008
CVE-2008-2062 The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151. Medium Jun 26, 2008
CVE-2008-2061 The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748. High Jun 26, 2008
CVE-2008-2060 Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) 5.x before 5.1(8)E2 and 6.x before 6.0(5)E2, when inline mode and jumbo Ethernet support are enabled, allows remote attackers to cause a denial of service (panic), and possibly bypass intended restrictions on network traffic, via a specific series of jumbo Ethernet frames. High Jun 27, 2008
CVE-2008-2059 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 allows remote attackers to bypass control-plane ACLs for the device via unknown vectors. High Jun 5, 2008
CVE-2008-2058 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(3)2 and 8.0.x before 8.0(2)17 allows remote attackers to cause a denial of service (device reload) via a port scan against TCP port 443 on the device. High Jun 5, 2008
CVE-2008-2057 The Instant Messenger (IM) inspection engine in Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.2.x before 7.2(4), 8.0.x before 8.0(3)10, and 8.1.x before 8.1(1)2 allows remote attackers to cause a denial of service via a crafted packet. Medium Jun 5, 2008
CVE-2008-2056 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 8.0.x before 8.0(3)9 and 8.1.x before 8.1(1)1 allows remote attackers to cause a denial of service (device reload) via a crafted Transport Layer Security (TLS) packet to the device interface. High Jun 5, 2008
CVE-2008-2055 Cisco Adaptive Security Appliance (ASA) and Cisco PIX security appliance 7.1.x before 7.1(2)70, 7.2.x before 7.2(4), and 8.0.x before 8.0(3)10 allows remote attackers to cause a denial of service via a crafted TCP ACK packet to the device interface. High Jun 12, 2008
CVE-2008-2054 Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors. High May 30, 2008
CVE-2008-2053 Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account. High May 22, 2008
CVE-2008-2052 Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. Medium May 5, 2008
CVE-2008-2051 The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." High May 6, 2008
CVE-2008-2050 Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors High May 6, 2008
CVE-2008-2049 The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message. Medium May 5, 2008
CVE-2008-2048 Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. Medium May 9, 2008
CVE-2008-2047 Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. High May 9, 2008
CVE-2008-2046 Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter. Medium May 2, 2008
CVE-2008-2045 Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory. Medium May 9, 2008
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online