| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5638 | 0.03 | — | 0.01 | Dec 17, 2008 | Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp. | |||
| CVE-2008-5637 | 0.03 | — | 0.02 | Dec 17, 2008 | SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter. | |||
| CVE-2008-5636 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-5635 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5634 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5633 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5632 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5631 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5630 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter. | |||
| CVE-2008-5629 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action. | |||
| CVE-2008-5628 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter. | |||
| CVE-2008-5627 | 0.03 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5626 | 0.06 | — | 0.36 | Dec 17, 2008 | XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument. | |||
| CVE-2008-5625 | 0.04 | — | 0.07 | Dec 17, 2008 | PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file. | |||
| CVE-2008-5624 | 0.00 | — | 0.02 | Dec 17, 2008 | PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as… | |||
| CVE-2008-5558 | 0.00 | — | 0.02 | Dec 17, 2008 | Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname… | |||
| CVE-2008-5621 | 0.03 | — | 0.02 | Dec 17, 2008 | Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other… | |||
| CVE-2008-5620 | 0.00 | — | 0.03 | Dec 17, 2008 | RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. | |||
| CVE-2008-5619 | 0.00 | — | 0.54 | Dec 17, 2008 | html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the… | |||
| CVE-2008-5618 | 0.00 | — | 0.01 | Dec 17, 2008 | imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages. | |||
| CVE-2008-5617 | 0.00 | — | 0.02 | Dec 17, 2008 | The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages. | |||
| CVE-2008-5081 | 0.08 | — | 0.59 | Dec 17, 2008 | The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. | |||
| CVE-2008-5616 | 0.01 | — | 0.08 | Dec 17, 2008 | Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. | |||
| CVE-2008-5609 | 0.00 | — | 0.01 | Dec 17, 2008 | SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2008-4237 | 0.00 | — | 0.02 | Dec 17, 2008 | Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock… | |||
| CVE-2008-4236 | 0.00 | — | 0.02 | Dec 17, 2008 | Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. | |||
| CVE-2008-4234 | 0.00 | — | 0.05 | Dec 17, 2008 | Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which… | |||
| CVE-2008-4224 | 0.00 | — | 0.02 | Dec 17, 2008 | UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. | |||
| CVE-2008-4223 | 0.00 | — | 0.05 | Dec 17, 2008 | Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. | |||
| CVE-2008-4222 | 0.00 | — | 0.04 | Dec 17, 2008 | natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet. | |||
| CVE-2008-4221 | 0.00 | — | 0.03 | Dec 17, 2008 | The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation. | |||
| CVE-2008-4220 | 0.00 | — | 0.04 | Dec 17, 2008 | Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory… | |||
| CVE-2008-4219 | 0.00 | — | 0.00 | Dec 17, 2008 | The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application. | |||
| CVE-2008-4218 | 0.00 | — | 0.00 | Dec 17, 2008 | Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt. | |||
| CVE-2008-4217 | 0.00 | — | 0.05 | Dec 17, 2008 | Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow. | |||
| CVE-2008-5608 | 0.03 | — | 0.03 | Dec 16, 2008 | ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb. | |||
| CVE-2008-5607 | 0.03 | — | 0.01 | Dec 16, 2008 | SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||
| CVE-2008-5606 | 0.03 | — | 0.03 | Dec 16, 2008 | Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb. | |||
| CVE-2008-5605 | 0.03 | — | 0.02 | Dec 16, 2008 | Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp. | |||
| CVE-2008-5604 | 0.03 | — | 0.02 | Dec 16, 2008 | Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter. | |||
| CVE-2008-5603 | 0.03 | — | 0.03 | Dec 16, 2008 | ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb. | |||
| CVE-2008-5602 | 0.03 | — | 0.03 | Dec 16, 2008 | Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb. | |||
| CVE-2008-5601 | 0.03 | — | 0.03 | Dec 16, 2008 | User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb. | |||
| CVE-2008-5600 | 0.03 | — | 0.03 | Dec 16, 2008 | Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb. | |||
| CVE-2008-5599 | 0.03 | — | 0.01 | Dec 16, 2008 | SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-5598 | 0.03 | — | 0.03 | Dec 16, 2008 | Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter. | |||
| CVE-2008-5597 | 0.03 | — | 0.03 | Dec 16, 2008 | Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb. | |||
| CVE-2008-5596 | 0.03 | — | 0.03 | Dec 16, 2008 | Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb. | |||
| CVE-2008-5595 | 0.03 | — | 0.01 | Dec 16, 2008 | SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||
| CVE-2008-5594 | 0.03 | — | 0.03 | Dec 16, 2008 | Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters. |
- CVE-2008-5638Dec 17, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.
- CVE-2008-5637Dec 17, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
- CVE-2008-5636Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-5635Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
- CVE-2008-5634Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
- CVE-2008-5633Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
- CVE-2008-5632Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
- CVE-2008-5631Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-5630Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
- CVE-2008-5629Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
- CVE-2008-5628Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.
- CVE-2008-5627Dec 17, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-5626Dec 17, 2008risk 0.06cvss —epss 0.36
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
- CVE-2008-5625Dec 17, 2008risk 0.04cvss —epss 0.07
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
- CVE-2008-5624Dec 17, 2008risk 0.00cvss —epss 0.02
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as…
- CVE-2008-5558Dec 17, 2008risk 0.00cvss —epss 0.02
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname…
- CVE-2008-5621Dec 17, 2008risk 0.03cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other…
- CVE-2008-5620Dec 17, 2008risk 0.00cvss —epss 0.03
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
- CVE-2008-5619Dec 17, 2008risk 0.00cvss —epss 0.54
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the…
- CVE-2008-5618Dec 17, 2008risk 0.00cvss —epss 0.01
imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.
- CVE-2008-5617Dec 17, 2008risk 0.00cvss —epss 0.02
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
- CVE-2008-5081Dec 17, 2008risk 0.08cvss —epss 0.59
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
- CVE-2008-5616Dec 17, 2008risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
- CVE-2008-5609Dec 17, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2008-4237Dec 17, 2008risk 0.00cvss —epss 0.02
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock…
- CVE-2008-4236Dec 17, 2008risk 0.00cvss —epss 0.02
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.
- CVE-2008-4234Dec 17, 2008risk 0.00cvss —epss 0.05
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which…
- CVE-2008-4224Dec 17, 2008risk 0.00cvss —epss 0.02
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.
- CVE-2008-4223Dec 17, 2008risk 0.00cvss —epss 0.05
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
- CVE-2008-4222Dec 17, 2008risk 0.00cvss —epss 0.04
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
- CVE-2008-4221Dec 17, 2008risk 0.00cvss —epss 0.03
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
- CVE-2008-4220Dec 17, 2008risk 0.00cvss —epss 0.04
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory…
- CVE-2008-4219Dec 17, 2008risk 0.00cvss —epss 0.00
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.
- CVE-2008-4218Dec 17, 2008risk 0.00cvss —epss 0.00
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.
- CVE-2008-4217Dec 17, 2008risk 0.00cvss —epss 0.05
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
- CVE-2008-5608Dec 16, 2008risk 0.03cvss —epss 0.03
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
- CVE-2008-5607Dec 16, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
- CVE-2008-5606Dec 16, 2008risk 0.03cvss —epss 0.03
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
- CVE-2008-5605Dec 16, 2008risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
- CVE-2008-5604Dec 16, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
- CVE-2008-5603Dec 16, 2008risk 0.03cvss —epss 0.03
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
- CVE-2008-5602Dec 16, 2008risk 0.03cvss —epss 0.03
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
- CVE-2008-5601Dec 16, 2008risk 0.03cvss —epss 0.03
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
- CVE-2008-5600Dec 16, 2008risk 0.03cvss —epss 0.03
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.
- CVE-2008-5599Dec 16, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.
- CVE-2008-5598Dec 16, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.
- CVE-2008-5597Dec 16, 2008risk 0.03cvss —epss 0.03
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
- CVE-2008-5596Dec 16, 2008risk 0.03cvss —epss 0.03
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
- CVE-2008-5595Dec 16, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
- CVE-2008-5594Dec 16, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.