| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5210 | 0.03 | — | 0.03 | Nov 24, 2008 | Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4)… | |||
| CVE-2008-5209 | 0.03 | — | 0.03 | Nov 24, 2008 | Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2008-5208 | 0.03 | — | 0.02 | Nov 24, 2008 | SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||
| CVE-2008-5207 | 0.00 | — | 0.01 | Nov 21, 2008 | Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details… | |||
| CVE-2008-5206 | 0.00 | — | 0.01 | Nov 21, 2008 | PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely… | |||
| CVE-2008-5205 | 0.00 | — | 0.01 | Nov 21, 2008 | Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action. | |||
| CVE-2008-5204 | 0.03 | — | 0.02 | Nov 21, 2008 | Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3)… | |||
| CVE-2008-5203 | 0.03 | — | 0.01 | Nov 21, 2008 | Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter. | |||
| CVE-2008-5202 | 0.03 | — | 0.01 | Nov 21, 2008 | Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter. | |||
| CVE-2008-5201 | 0.03 | — | 0.02 | Nov 21, 2008 | Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC… | |||
| CVE-2008-5200 | 0.03 | — | 0.01 | Nov 21, 2008 | SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||
| CVE-2008-5199 | 0.03 | — | 0.03 | Nov 21, 2008 | PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter. | |||
| CVE-2008-5198 | 0.03 | — | 0.01 | Nov 21, 2008 | SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter. | |||
| CVE-2008-5197 | 0.03 | — | 0.04 | Nov 21, 2008 | SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | |||
| CVE-2008-5196 | 0.03 | — | 0.01 | Nov 21, 2008 | SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2008-5195 | 0.03 | — | 0.01 | Nov 21, 2008 | Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors. | |||
| CVE-2008-5194 | 0.03 | — | 0.01 | Nov 21, 2008 | SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-5193 | 0.03 | — | 0.02 | Nov 21, 2008 | Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024. | |||
| CVE-2008-5192 | 0.03 | — | 0.01 | Nov 21, 2008 | SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920. | |||
| CVE-2008-5191 | 0.04 | — | 0.18 | Nov 21, 2008 | Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php. | |||
| CVE-2008-5190 | 0.03 | — | 0.02 | Nov 21, 2008 | SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter. | |||
| CVE-2008-5189 | 0.00 | — | 0.02 | Nov 21, 2008 | CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function. | |||
| CVE-2008-5188 | 0.00 | — | 0.00 | Nov 21, 2008 | The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | |||
| CVE-2008-5187 | 0.00 | — | 0.04 | Nov 21, 2008 | The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a… | |||
| CVE-2008-5186 | 0.00 | — | 0.02 | Nov 21, 2008 | The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a… | |||
| CVE-2008-5185 | 0.03 | — | 0.04 | Nov 21, 2008 | The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<". | |||
| CVE-2008-5184 | 0.00 | — | 0.04 | Nov 21, 2008 | The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription… | |||
| CVE-2008-5183 | Hig | 0.52 | 7.5 | 0.09 | Nov 21, 2008 | cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging… | ||
| CVE-2008-5182 | 0.00 | — | 0.00 | Nov 21, 2008 | The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. | |||
| CVE-2008-5181 | 0.01 | — | 0.13 | Nov 20, 2008 | Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons. | |||
| CVE-2008-5180 | Med | 0.43 | 5.3 | 0.68 | Nov 20, 2008 | Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions. | ||
| CVE-2008-5179 | 0.01 | — | 0.16 | Nov 20, 2008 | Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet. | |||
| CVE-2008-5178 | 0.06 | — | 0.32 | Nov 20, 2008 | Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680. | |||
| CVE-2008-5177 | 0.04 | — | 0.17 | Nov 20, 2008 | Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a… | |||
| CVE-2008-5176 | 0.00 | — | 0.06 | Nov 20, 2008 | Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP… | |||
| CVE-2008-5175 | 0.03 | — | 0.03 | Nov 19, 2008 | Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. | |||
| CVE-2008-5174 | 0.03 | — | 0.01 | Nov 19, 2008 | SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter. | |||
| CVE-2008-5173 | 0.00 | — | 0.02 | Nov 19, 2008 | Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors. | |||
| CVE-2008-5172 | 0.00 | — | 0.01 | Nov 19, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of… | |||
| CVE-2008-5171 | 0.03 | — | 0.03 | Nov 19, 2008 | Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin… | |||
| CVE-2008-5170 | 0.03 | — | 0.01 | Nov 19, 2008 | SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||
| CVE-2008-5169 | 0.03 | — | 0.01 | Nov 19, 2008 | SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter. | |||
| CVE-2008-5168 | 0.03 | — | 0.01 | Nov 19, 2008 | SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter. | |||
| CVE-2008-5167 | 0.03 | — | 0.03 | Nov 19, 2008 | PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | |||
| CVE-2008-5166 | 0.03 | — | 0.01 | Nov 19, 2008 | SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter. | |||
| CVE-2008-5165 | 0.00 | — | 0.01 | Nov 19, 2008 | Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php. | |||
| CVE-2008-5164 | 0.03 | — | 0.01 | Nov 19, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php. | |||
| CVE-2008-5163 | 0.03 | — | 0.01 | Nov 19, 2008 | Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php. | |||
| CVE-2008-5161 | Low | 0.28 | 3.7 | 0.15 | Nov 19, 2008 | Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and… | ||
| CVE-2008-5160 | 0.03 | — | 0.03 | Nov 18, 2008 | Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error." |
- CVE-2008-5210Nov 24, 2008risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4)…
- CVE-2008-5209Nov 24, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in modules/download/get_file.php in Admidio 1.4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2008-5208Nov 24, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
- CVE-2008-5207Nov 21, 2008risk 0.00cvss —epss 0.01
Multiple directory traversal vulnerabilities in Jonascms 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the taal parameter to (1) backup.php and (2) gb_voegtoe.php. NOTE: the provenance of this information is unknown; the details…
- CVE-2008-5206Nov 21, 2008risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely…
- CVE-2008-5205Nov 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in edit.php in wellyblog allows remote attackers to inject arbitrary web script or HTML via the articleid parameter in an add action.
- CVE-2008-5204Nov 21, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the lang parameter to (1) agb.php, (2) angemeldet.php, (3)…
- CVE-2008-5203Nov 21, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
- CVE-2008-5202Nov 21, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS 24a allows remote attackers to inject arbitrary web script or HTML via the conteudo parameter.
- CVE-2008-5201Nov 21, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC…
- CVE-2008-5200Nov 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
- CVE-2008-5199Nov 21, 2008risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.
- CVE-2008-5198Nov 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
- CVE-2008-5197Nov 21, 2008risk 0.03cvss —epss 0.04
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
- CVE-2008-5196Nov 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
- CVE-2008-5195Nov 21, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
- CVE-2008-5194Nov 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-5193Nov 21, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
- CVE-2008-5192Nov 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
- CVE-2008-5191Nov 21, 2008risk 0.04cvss —epss 0.18
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
- CVE-2008-5190Nov 21, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
- CVE-2008-5189Nov 21, 2008risk 0.00cvss —epss 0.02
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
- CVE-2008-5188Nov 21, 2008risk 0.00cvss —epss 0.00
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
- CVE-2008-5187Nov 21, 2008risk 0.00cvss —epss 0.04
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a…
- CVE-2008-5186Nov 21, 2008risk 0.00cvss —epss 0.02
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a…
- CVE-2008-5185Nov 21, 2008risk 0.03cvss —epss 0.04
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
- CVE-2008-5184Nov 21, 2008risk 0.00cvss —epss 0.04
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription…
- risk 0.52cvss 7.5epss 0.09
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging…
- CVE-2008-5182Nov 21, 2008risk 0.00cvss —epss 0.00
The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.
- CVE-2008-5181Nov 20, 2008risk 0.01cvss —epss 0.13
Microsoft Communicator allows remote attackers to cause a denial of service (application or device outage) via instant messages containing large numbers of emoticons.
- risk 0.43cvss 5.3epss 0.68
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
- CVE-2008-5179Nov 20, 2008risk 0.01cvss —epss 0.16
Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver report packet.
- CVE-2008-5178Nov 20, 2008risk 0.06cvss —epss 0.32
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
- CVE-2008-5177Nov 20, 2008risk 0.04cvss —epss 0.17
Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a…
- CVE-2008-5176Nov 20, 2008risk 0.00cvss —epss 0.06
Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP…
- CVE-2008-5175Nov 19, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
- CVE-2008-5174Nov 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
- CVE-2008-5173Nov 19, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.
- CVE-2008-5172Nov 19, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of…
- CVE-2008-5171Nov 19, 2008risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin…
- CVE-2008-5170Nov 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
- CVE-2008-5169Nov 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
- CVE-2008-5168Nov 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.
- CVE-2008-5167Nov 19, 2008risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
- CVE-2008-5166Nov 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
- CVE-2008-5165Nov 19, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
- CVE-2008-5164Nov 19, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
- CVE-2008-5163Nov 19, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.
- risk 0.28cvss 3.7epss 0.15
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and…
- CVE-2008-5160Nov 18, 2008risk 0.03cvss —epss 0.03
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."