| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5900 | 0.04 | — | 0.06 | Jan 12, 2009 | CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these… | |||
| CVE-2008-5899 | 0.04 | — | 0.06 | Jan 12, 2009 | CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these… | |||
| CVE-2008-5898 | 0.04 | — | 0.06 | Jan 12, 2009 | CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these… | |||
| CVE-2008-5897 | 0.04 | — | 0.06 | Jan 12, 2009 | CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of… | |||
| CVE-2008-5896 | 0.03 | — | 0.02 | Jan 12, 2009 | CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these… | |||
| CVE-2008-5895 | 0.03 | — | 0.01 | Jan 12, 2009 | SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||
| CVE-2008-5894 | 0.03 | — | 0.02 | Jan 12, 2009 | Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||
| CVE-2008-5893 | 0.03 | — | 0.02 | Jan 12, 2009 | Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action. | |||
| CVE-2008-5892 | 0.03 | — | 0.01 | Jan 12, 2009 | Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and… | |||
| CVE-2008-5891 | 0.03 | — | 0.01 | Jan 12, 2009 | Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5890 | 0.03 | — | 0.01 | Jan 12, 2009 | SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5889 | 0.03 | — | 0.01 | Jan 12, 2009 | Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||
| CVE-2008-5888 | 0.03 | — | 0.01 | Jan 12, 2009 | Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in… | |||
| CVE-2008-5887 | 0.01 | — | 0.09 | Jan 12, 2009 | phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | |||
| CVE-2008-5886 | 0.03 | — | 0.03 | Jan 12, 2009 | TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are… | |||
| CVE-2008-5885 | 0.04 | — | 0.06 | Jan 12, 2009 | The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are… | |||
| CVE-2008-5884 | 0.03 | — | 0.02 | Jan 12, 2009 | AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header. | |||
| CVE-2008-5883 | 0.03 | — | 0.03 | Jan 12, 2009 | Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter. | |||
| CVE-2009-0113 | 0.04 | — | 0.07 | Jan 9, 2009 | Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. | |||
| CVE-2009-0112 | 0.00 | — | 0.01 | Jan 9, 2009 | Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. | |||
| CVE-2009-0111 | 0.03 | — | 0.01 | Jan 9, 2009 | SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2009-0110 | 0.03 | — | 0.01 | Jan 9, 2009 | SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||
| CVE-2009-0109 | 0.03 | — | 0.01 | Jan 9, 2009 | SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-0108 | 0.03 | — | 0.03 | Jan 9, 2009 | PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies. | |||
| CVE-2009-0107 | 0.03 | — | 0.01 | Jan 9, 2009 | Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | |||
| CVE-2009-0106 | 0.03 | — | 0.01 | Jan 9, 2009 | SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||
| CVE-2009-0105 | 0.03 | — | 0.01 | Jan 9, 2009 | Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. | |||
| CVE-2009-0104 | 0.03 | — | 0.01 | Jan 9, 2009 | SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action. | |||
| CVE-2009-0103 | 0.04 | — | 0.10 | Jan 9, 2009 | Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and… | |||
| CVE-2008-5882 | 0.00 | — | 0.01 | Jan 9, 2009 | SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | |||
| CVE-2008-5881 | 0.04 | — | 0.07 | Jan 9, 2009 | Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to… | |||
| CVE-2009-0072 | 0.01 | — | 0.09 | Jan 8, 2009 | Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element. | |||
| CVE-2009-0071 | 0.04 | — | 0.07 | Jan 8, 2009 | Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2)… | |||
| CVE-2009-0070 | 0.03 | — | 0.03 | Jan 8, 2009 | Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function,… | |||
| CVE-2009-0043 | 0.07 | — | 0.46 | Jan 8, 2009 | The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2008-5880 | 0.03 | — | 0.03 | Jan 8, 2009 | admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok". | |||
| CVE-2008-5879 | 0.03 | — | 0.01 | Jan 8, 2009 | Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors. | |||
| CVE-2008-5878 | 0.03 | — | 0.02 | Jan 8, 2009 | Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname… | |||
| CVE-2008-5877 | 0.03 | — | 0.01 | Jan 8, 2009 | Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php,… | |||
| CVE-2008-5876 | 0.00 | — | 0.04 | Jan 8, 2009 | Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader. | |||
| CVE-2008-5875 | 0.03 | — | 0.01 | Jan 8, 2009 | SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | |||
| CVE-2008-5874 | 0.03 | — | 0.01 | Jan 8, 2009 | Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. … | |||
| CVE-2008-4827 | 0.01 | — | 0.07 | Jan 8, 2009 | Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8,… | |||
| CVE-2008-3819 | 0.00 | — | 0.01 | Jan 8, 2009 | dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093. | |||
| CVE-2008-0067 | 0.08 | — | 0.63 | Jan 8, 2009 | Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program,… | |||
| CVE-2008-5873 | 0.03 | — | 0.03 | Jan 8, 2009 | Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username. | |||
| CVE-2008-5872 | 0.00 | — | 0.02 | Jan 8, 2009 | Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a… | |||
| CVE-2008-5871 | 0.00 | — | 0.02 | Jan 8, 2009 | Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command. | |||
| CVE-2008-5870 | 0.03 | — | 0.02 | Jan 8, 2009 | FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. | |||
| CVE-2008-5869 | 0.03 | — | 0.01 | Jan 8, 2009 | Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID. |
- CVE-2008-5900Jan 12, 2009risk 0.04cvss —epss 0.06
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these…
- CVE-2008-5899Jan 12, 2009risk 0.04cvss —epss 0.06
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these…
- CVE-2008-5898Jan 12, 2009risk 0.04cvss —epss 0.06
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these…
- CVE-2008-5897Jan 12, 2009risk 0.04cvss —epss 0.06
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of…
- CVE-2008-5896Jan 12, 2009risk 0.03cvss —epss 0.02
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these…
- CVE-2008-5895Jan 12, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
- CVE-2008-5894Jan 12, 2009risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in Mediatheka 4.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
- CVE-2008-5893Jan 12, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
- CVE-2008-5892Jan 12, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and…
- CVE-2008-5891Jan 12, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
- CVE-2008-5890Jan 12, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5889Jan 12, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter.
- CVE-2008-5888Jan 12, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in…
- CVE-2008-5887Jan 12, 2009risk 0.01cvss —epss 0.09
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability."
- CVE-2008-5886Jan 12, 2009risk 0.03cvss —epss 0.03
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE: some of these details are…
- CVE-2008-5885Jan 12, 2009risk 0.04cvss —epss 0.06
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are…
- CVE-2008-5884Jan 12, 2009risk 0.03cvss —epss 0.02
AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header.
- CVE-2008-5883Jan 12, 2009risk 0.03cvss —epss 0.03
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter.
- CVE-2009-0113Jan 9, 2009risk 0.04cvss —epss 0.07
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
- CVE-2009-0112Jan 9, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters.
- CVE-2009-0111Jan 9, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
- CVE-2009-0110Jan 9, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
- CVE-2009-0109Jan 9, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
- CVE-2009-0108Jan 9, 2009risk 0.03cvss —epss 0.03
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain administrative access via modified (1) PHPAUCTION_RM_ID, (2) PHPAUCTION_RM_NAME, (3) PHPAUCTION_RM_USERNAME, and (4) PHPAUCTION_RM_EMAIL cookies.
- CVE-2009-0107Jan 9, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
- CVE-2009-0106Jan 9, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
- CVE-2009-0105Jan 9, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action.
- CVE-2009-0104Jan 9, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrary SQL commands via the qType parameter in a webboard prog action.
- CVE-2009-0103Jan 9, 2009risk 0.04cvss —epss 0.10
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and…
- CVE-2008-5882Jan 9, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
- CVE-2008-5881Jan 9, 2009risk 0.04cvss —epss 0.07
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to…
- CVE-2009-0072Jan 8, 2009risk 0.01cvss —epss 0.09
Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.
- CVE-2009-0071Jan 8, 2009risk 0.04cvss —epss 0.07
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2)…
- CVE-2009-0070Jan 8, 2009risk 0.03cvss —epss 0.03
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function,…
- CVE-2009-0043Jan 8, 2009risk 0.07cvss —epss 0.46
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
- CVE-2008-5880Jan 8, 2009risk 0.03cvss —epss 0.03
admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".
- CVE-2008-5879Jan 8, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors.
- CVE-2008-5878Jan 8, 2009risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the (1) boxname…
- CVE-2008-5877Jan 8, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php,…
- CVE-2008-5876Jan 8, 2009risk 0.00cvss —epss 0.04
Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader.
- CVE-2008-5875Jan 8, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
- CVE-2008-5874Jan 8, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. …
- CVE-2008-4827Jan 8, 2009risk 0.01cvss —epss 0.07
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8,…
- CVE-2008-3819Jan 8, 2009risk 0.00cvss —epss 0.01
dnsserver in Cisco Application Control Engine Global Site Selector (GSS) before 3.0(1) allows remote attackers to cause a denial of service (daemon crash) via a series of crafted DNS requests, aka Bug ID CSCsj70093.
- CVE-2008-0067Jan 8, 2009risk 0.08cvss —epss 0.63
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program,…
- CVE-2008-5873Jan 8, 2009risk 0.03cvss —epss 0.03
Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.
- CVE-2008-5872Jan 8, 2009risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attackers to cause a denial of service (device outage) via a UFTP message that has a…
- CVE-2008-5871Jan 8, 2009risk 0.00cvss —epss 0.02
Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the snoop command.
- CVE-2008-5870Jan 8, 2009risk 0.03cvss —epss 0.02
FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942.
- CVE-2008-5869Jan 8, 2009risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.