| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5776 | 0.03 | — | 0.02 | Dec 30, 2008 | Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments,… | |||
| CVE-2008-5775 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5774 | 0.03 | — | 0.01 | Dec 30, 2008 | Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp. | |||
| CVE-2008-5773 | 0.03 | — | 0.03 | Dec 30, 2008 | Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb. | |||
| CVE-2008-5772 | 0.03 | — | 0.01 | Dec 30, 2008 | Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp. | |||
| CVE-2008-5771 | 0.03 | — | 0.02 | Dec 30, 2008 | Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. | |||
| CVE-2008-5770 | 0.03 | — | 0.03 | Dec 30, 2008 | Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2008-5769 | 0.00 | — | 0.01 | Dec 30, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are… | |||
| CVE-2008-5768 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5767 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter. | |||
| CVE-2008-5766 | 0.03 | — | 0.02 | Dec 30, 2008 | SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5765 | 0.03 | — | 0.06 | Dec 30, 2008 | WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt. | |||
| CVE-2008-5764 | 0.05 | — | 0.30 | Dec 30, 2008 | PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||
| CVE-2008-5763 | 0.05 | — | 0.26 | Dec 30, 2008 | PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter. | |||
| CVE-2008-5762 | 0.03 | — | 0.03 | Dec 30, 2008 | Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt. | |||
| CVE-2008-5761 | 0.03 | — | 0.02 | Dec 30, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name… | |||
| CVE-2008-5760 | 0.00 | — | 0.01 | Dec 30, 2008 | Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5759 | 0.03 | — | 0.01 | Dec 30, 2008 | Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is… | |||
| CVE-2008-5758 | 0.00 | — | 0.01 | Dec 30, 2008 | Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages. | |||
| CVE-2008-5757 | 0.00 | — | 0.01 | Dec 30, 2008 | Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from… | |||
| CVE-2008-5756 | 0.03 | — | 0.05 | Dec 30, 2008 | Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file. | |||
| CVE-2008-5755 | 0.03 | — | 0.06 | Dec 30, 2008 | Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494. | |||
| CVE-2008-5754 | 0.03 | — | 0.05 | Dec 30, 2008 | Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753. | |||
| CVE-2008-5753 | 0.04 | — | 0.07 | Dec 30, 2008 | Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar. | |||
| CVE-2008-5752 | 0.03 | — | 0.06 | Dec 30, 2008 | Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details… | |||
| CVE-2008-5751 | 0.03 | — | 0.01 | Dec 30, 2008 | SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action. | |||
| CVE-2008-5750 | 0.05 | — | 0.21 | Dec 29, 2008 | Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. | |||
| CVE-2008-5749 | 0.03 | — | 0.04 | Dec 29, 2008 | Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission"… | |||
| CVE-2008-5748 | Hig | 0.56 | 8.1 | 0.10 | Dec 29, 2008 | Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | ||
| CVE-2008-5747 | 0.00 | — | 0.03 | Dec 29, 2008 | F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor. | |||
| CVE-2008-5746 | 0.00 | — | 0.00 | Dec 29, 2008 | Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files. | |||
| CVE-2008-5745 | 0.05 | — | 0.21 | Dec 29, 2008 | Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has… | |||
| CVE-2008-4539 | 0.00 | — | 0.01 | Dec 29, 2008 | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue… | |||
| CVE-2008-5744 | 0.00 | — | 0.00 | Dec 26, 2008 | Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong… | |||
| CVE-2008-5743 | 0.00 | — | 0.00 | Dec 26, 2008 | pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2008-5742 | 0.03 | — | 0.02 | Dec 26, 2008 | Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to… | |||
| CVE-2008-5498 | 0.04 | — | 0.09 | Dec 26, 2008 | Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image. | |||
| CVE-2008-5739 | 0.03 | — | 0.02 | Dec 26, 2008 | SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter. | |||
| CVE-2008-5738 | 0.03 | — | 0.03 | Dec 26, 2008 | Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5737 | 0.03 | — | 0.01 | Dec 26, 2008 | SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2008-5736 | 0.03 | — | 0.01 | Dec 26, 2008 | Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to… | |||
| CVE-2008-5735 | 0.04 | — | 0.07 | Dec 26, 2008 | Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file. | |||
| CVE-2008-5734 | 0.00 | — | 0.01 | Dec 26, 2008 | Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message. | |||
| CVE-2008-5733 | 0.03 | — | 0.01 | Dec 26, 2008 | SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5732 | 0.04 | — | 0.13 | Dec 26, 2008 | Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file. | |||
| CVE-2008-5731 | 0.03 | — | 0.01 | Dec 26, 2008 | The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of… | |||
| CVE-2008-5730 | 0.03 | — | 0.02 | Dec 26, 2008 | Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file. | |||
| CVE-2008-5729 | 0.03 | — | 0.01 | Dec 26, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php. | |||
| CVE-2008-5728 | 0.03 | — | 0.02 | Dec 26, 2008 | Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in… | |||
| CVE-2008-5727 | 0.03 | — | 0.02 | Dec 26, 2008 | SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string. |
- CVE-2008-5776Dec 30, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) action parameter to admin.php and the (2) get parameter to index.php. NOTE: in some environments,…
- CVE-2008-5775Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5774Dec 30, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp.
- CVE-2008-5773Dec 30, 2008risk 0.03cvss —epss 0.03
Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.
- CVE-2008-5772Dec 30, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
- CVE-2008-5771Dec 30, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in test.php in PHP Weather 2.2.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
- CVE-2008-5770Dec 30, 2008risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
- CVE-2008-5769Dec 30, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are…
- CVE-2008-5768Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5767Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
- CVE-2008-5766Dec 30, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5765Dec 30, 2008risk 0.03cvss —epss 0.06
WorkSimple 1.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for data/usr.txt.
- CVE-2008-5764Dec 30, 2008risk 0.05cvss —epss 0.30
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
- CVE-2008-5763Dec 30, 2008risk 0.05cvss —epss 0.26
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
- CVE-2008-5762Dec 30, 2008risk 0.03cvss —epss 0.03
Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt.
- CVE-2008-5761Dec 30, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name…
- CVE-2008-5760Dec 30, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-5759Dec 30, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is…
- CVE-2008-5758Dec 30, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages.
- CVE-2008-5757Dec 30, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from…
- CVE-2008-5756Dec 30, 2008risk 0.03cvss —epss 0.05
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
- CVE-2008-5755Dec 30, 2008risk 0.03cvss —epss 0.06
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
- CVE-2008-5754Dec 30, 2008risk 0.03cvss —epss 0.05
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
- CVE-2008-5753Dec 30, 2008risk 0.04cvss —epss 0.07
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
- CVE-2008-5752Dec 30, 2008risk 0.03cvss —epss 0.06
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details…
- CVE-2008-5751Dec 30, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
- CVE-2008-5750Dec 29, 2008risk 0.05cvss —epss 0.21
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
- CVE-2008-5749Dec 29, 2008risk 0.03cvss —epss 0.04
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission"…
- risk 0.56cvss 8.1epss 0.10
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
- CVE-2008-5747Dec 29, 2008risk 0.00cvss —epss 0.03
F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor.
- CVE-2008-5746Dec 29, 2008risk 0.00cvss —epss 0.00
Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.
- CVE-2008-5745Dec 29, 2008risk 0.05cvss —epss 0.21
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has…
- CVE-2008-4539Dec 29, 2008risk 0.00cvss —epss 0.01
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue…
- CVE-2008-5744Dec 26, 2008risk 0.00cvss —epss 0.00
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong…
- CVE-2008-5743Dec 26, 2008risk 0.00cvss —epss 0.00
pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2008-5742Dec 26, 2008risk 0.03cvss —epss 0.02
Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to…
- CVE-2008-5498Dec 26, 2008risk 0.04cvss —epss 0.09
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
- CVE-2008-5739Dec 26, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
- CVE-2008-5738Dec 26, 2008risk 0.03cvss —epss 0.03
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
- CVE-2008-5737Dec 26, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
- CVE-2008-5736Dec 26, 2008risk 0.03cvss —epss 0.01
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to…
- CVE-2008-5735Dec 26, 2008risk 0.04cvss —epss 0.07
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
- CVE-2008-5734Dec 26, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.
- CVE-2008-5733Dec 26, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5732Dec 26, 2008risk 0.04cvss —epss 0.13
Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
- CVE-2008-5731Dec 26, 2008risk 0.03cvss —epss 0.01
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of…
- CVE-2008-5730Dec 26, 2008risk 0.03cvss —epss 0.02
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a %0a sequence in a cookie and (2) the add.php file.
- CVE-2008-5729Dec 26, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php.
- CVE-2008-5728Dec 26, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in…
- CVE-2008-5727Dec 26, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string.