The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2008-5216 | SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | High | Nov 24, 2008 |
| CVE-2008-5215 | SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter. | High | Nov 24, 2008 |
| CVE-2008-5214 | Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter. | Medium | Nov 24, 2008 |
| CVE-2008-5213 | SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action. | High | Nov 24, 2008 |
| CVE-2008-5212 | SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | High | Nov 24, 2008 |
| CVE-2008-5211 | Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506. | Low | Nov 24, 2008 |
| CVE-2008-5210 | Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776. | High | Nov 24, 2008 |
| CVE-2008-5209 | Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | Medium | Nov 24, 2008 |
| CVE-2008-5208 | SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | High | Nov 24, 2008 |
| CVE-2008-5207 | Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Nov 24, 2008 |
| CVE-2008-5206 | PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Nov 24, 2008 |
| CVE-2008-5205 | Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action. | Medium | Nov 24, 2008 |
| CVE-2008-5204 | Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3) anmelden.php, (4) charts.php, (5) external_vote.php, (6) guestbook.php, (7) impressum.php, (8) index.php, (9) rss-reader.php, (10) statistic.php, (11) teilnehmer.php, (12) topsites.php, (13) votecode.php, (14) voting.php, and (15) winner.php. | Medium | Nov 24, 2008 |
| CVE-2008-5203 | Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | Medium | Nov 24, 2008 |
| CVE-2008-5202 | Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. | Medium | Nov 24, 2008 |
| CVE-2008-5201 | Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL. | High | Nov 24, 2008 |
| CVE-2008-5200 | SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | High | Nov 24, 2008 |
| CVE-2008-5199 | PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter. | High | Nov 24, 2008 |
| CVE-2008-5198 | SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter. | High | Nov 24, 2008 |
| CVE-2008-5197 | SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | High | Nov 24, 2008 |
| CVE-2008-5196 | SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | High | Nov 24, 2008 |
| CVE-2008-5195 | Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors. | High | Nov 21, 2008 |
| CVE-2008-5194 | SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | High | Nov 24, 2008 |
| CVE-2008-5193 | Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024. | Medium | Nov 21, 2008 |
| CVE-2008-5192 | SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920. | High | Nov 21, 2008 |
| CVE-2008-5191 | Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php. | High | Nov 21, 2008 |
| CVE-2008-5190 | SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter. | High | Nov 21, 2008 |
| CVE-2008-5189 | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | Medium | Nov 21, 2008 |
| CVE-2008-5188 | The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | High | Nov 21, 2008 |
| CVE-2008-5187 | The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a pointer arithmetic error and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Nov 21, 2008 |
| CVE-2008-5186 | ** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path. | High | Nov 21, 2008 |
| CVE-2008-5185 | The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using <. | Medium | Nov 21, 2008 |
| CVE-2008-5184 | The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | High | Nov 21, 2008 |
| CVE-2008-5183 | cupsd in CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. | Medium | Nov 21, 2008 |
| CVE-2008-5182 | The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | Medium | Nov 21, 2008 |
| CVE-2008-5181 | Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons. | Medium | Nov 20, 2008 |
| CVE-2008-5180 | Microsoft Communicator allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions. | Medium | Nov 20, 2008 |
| CVE-2008-5179 | Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. | Medium | Nov 20, 2008 |
| CVE-2008-5178 | Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. | High | Nov 20, 2008 |
| CVE-2008-5177 | Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication. | High | Nov 20, 2008 |
| CVE-2008-5176 | Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515. | High | Nov 20, 2008 |
| CVE-2008-5175 | Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. | High | Nov 21, 2008 |
| CVE-2008-5174 | SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter. | High | Nov 19, 2008 |
| CVE-2008-5173 | Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors. | High | Nov 19, 2008 |
| CVE-2008-5172 | Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Nov 19, 2008 |
| CVE-2008-5171 | Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters. | High | Nov 19, 2008 |
| CVE-2008-5170 | SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | High | Nov 19, 2008 |
| CVE-2008-5169 | SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter. | High | Nov 20, 2008 |
| CVE-2008-5168 | SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter. | High | Nov 19, 2008 |
| CVE-2008-5167 | PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | High | Nov 19, 2008 |
