| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-4642 | 0.03 | — | 0.01 | Oct 21, 2008 | SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. | |||
| CVE-2008-4641 | 0.00 | — | 0.02 | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. | |||
| CVE-2008-4640 | 0.00 | — | 0.00 | Oct 21, 2008 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by… | |||
| CVE-2008-4639 | 0.00 | — | 0.00 | Oct 21, 2008 | jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||
| CVE-2008-4638 | 0.00 | — | 0.00 | Oct 21, 2008 | qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message. | |||
| CVE-2008-4637 | 0.00 | — | 0.01 | Oct 21, 2008 | Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121. | |||
| CVE-2008-4121 | 0.00 | — | 0.01 | Oct 21, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to… | |||
| CVE-2008-3248 | 0.00 | — | 0.00 | Oct 21, 2008 | qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating… | |||
| CVE-2007-4350 | 0.00 | — | 0.02 | Oct 21, 2008 | Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message. | |||
| CVE-2008-4635 | 0.00 | — | 0.01 | Oct 21, 2008 | Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | |||
| CVE-2008-4634 | 0.00 | — | 0.01 | Oct 21, 2008 | Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079. | |||
| CVE-2008-4633 | 0.00 | — | 0.01 | Oct 21, 2008 | SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote." | |||
| CVE-2008-4632 | 0.03 | — | 0.02 | Oct 21, 2008 | Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters. | |||
| CVE-2008-4631 | 0.00 | — | 0.05 | Oct 21, 2008 | Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from… | |||
| CVE-2008-4630 | 0.00 | — | 0.01 | Oct 21, 2008 | Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors. | |||
| CVE-2008-4629 | 0.00 | — | 0.01 | Oct 21, 2008 | Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-4628 | 0.03 | — | 0.01 | Oct 21, 2008 | SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | |||
| CVE-2008-4627 | 0.03 | — | 0.01 | Oct 21, 2008 | SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php. | |||
| CVE-2008-4626 | 0.03 | — | 0.05 | Oct 21, 2008 | Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files… | |||
| CVE-2008-4625 | 0.03 | — | 0.03 | Oct 21, 2008 | SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683. | |||
| CVE-2008-4624 | 0.03 | — | 0.04 | Oct 21, 2008 | PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter. | |||
| CVE-2008-4623 | 0.03 | — | 0.01 | Oct 21, 2008 | SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php. | |||
| CVE-2008-4622 | 0.03 | — | 0.03 | Oct 21, 2008 | The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1. | |||
| CVE-2008-4621 | 0.03 | — | 0.01 | Oct 21, 2008 | SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||
| CVE-2008-4620 | 0.03 | — | 0.01 | Oct 21, 2008 | SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php. | |||
| CVE-2008-1547 | 0.07 | — | 0.46 | Oct 21, 2008 | Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | |||
| CVE-2008-4619 | 0.04 | — | 0.12 | Oct 21, 2008 | The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of… | |||
| CVE-2008-4618 | 0.00 | — | 0.03 | Oct 21, 2008 | The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related… | |||
| CVE-2008-4617 | 0.03 | — | 0.01 | Oct 20, 2008 | SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-4616 | 0.04 | — | 0.07 | Oct 20, 2008 | The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key. | |||
| CVE-2008-4615 | 0.00 | — | 0.01 | Oct 20, 2008 | Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors. | |||
| CVE-2008-4614 | 0.03 | — | 0.03 | Oct 20, 2008 | PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies. | |||
| CVE-2008-4613 | 0.03 | — | 0.02 | Oct 20, 2008 | SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | |||
| CVE-2008-4612 | 0.03 | — | 0.02 | Oct 20, 2008 | Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp. | |||
| CVE-2008-4611 | 0.03 | — | 0.01 | Oct 20, 2008 | SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | |||
| CVE-2008-4610 | 0.04 | — | 0.09 | Oct 20, 2008 | MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718. | |||
| CVE-2008-4609 | 0.03 | — | 0.32 | Oct 20, 2008 | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate… | |||
| CVE-2008-3831 | 0.00 | — | 0.01 | Oct 20, 2008 | The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial… | |||
| CVE-2007-6718 | 0.00 | — | 0.01 | Oct 20, 2008 | MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as… | |||
| CVE-2008-4606 | 0.03 | — | 0.01 | Oct 18, 2008 | Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already… | |||
| CVE-2008-4605 | 0.03 | — | 0.01 | Oct 18, 2008 | SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php. | |||
| CVE-2008-4604 | 0.03 | — | 0.01 | Oct 18, 2008 | SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||
| CVE-2008-4603 | 0.03 | — | 0.01 | Oct 18, 2008 | SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action. | |||
| CVE-2008-4602 | 0.03 | — | 0.02 | Oct 18, 2008 | Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter. | |||
| CVE-2008-4601 | 0.03 | — | 0.03 | Oct 18, 2008 | Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter. | |||
| CVE-2008-4600 | 0.03 | — | 0.03 | Oct 18, 2008 | configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie. | |||
| CVE-2008-4599 | 0.03 | — | 0.01 | Oct 18, 2008 | SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-4598 | 0.00 | — | 0.01 | Oct 17, 2008 | Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597. | |||
| CVE-2008-4597 | 0.00 | — | 0.01 | Oct 17, 2008 | Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors. | |||
| CVE-2008-4596 | 0.00 | — | 0.01 | Oct 17, 2008 | Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages. |
- CVE-2008-4642Oct 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
- CVE-2008-4641Oct 21, 2008risk 0.00cvss —epss 0.02
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
- CVE-2008-4640Oct 21, 2008risk 0.00cvss —epss 0.00
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by…
- CVE-2008-4639Oct 21, 2008risk 0.00cvss —epss 0.00
jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
- CVE-2008-4638Oct 21, 2008risk 0.00cvss —epss 0.00
qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.
- CVE-2008-4637Oct 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121.
- CVE-2008-4121Oct 21, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in a search.quick action to search.php and (2) the name parameter in a sendtofriend action to…
- CVE-2008-3248Oct 21, 2008risk 0.00cvss —epss 0.00
qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating…
- CVE-2007-4350Oct 21, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the management interface in HP SiteScope 9.0 build 911 allows remote attackers to inject arbitrary web script or HTML via an SNMP trap message.
- CVE-2008-4635Oct 21, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors.
- CVE-2008-4634Oct 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.
- CVE-2008-4633Oct 21, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
- CVE-2008-4632Oct 21, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is disabled, allow remote attackers to read and possibly execute arbitrary local files via a .. (dot dot) in the (1) post and (2) doc parameters.
- CVE-2008-4631Oct 21, 2008risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from…
- CVE-2008-4630Oct 21, 2008risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.
- CVE-2008-4629Oct 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-4628Oct 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
- CVE-2008-4627Oct 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
- CVE-2008-4626Oct 21, 2008risk 0.03cvss —epss 0.05
Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 and possibly other versions through 2.3.3-beta0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files…
- CVE-2008-4625Oct 21, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
- CVE-2008-4624Oct 21, 2008risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
- CVE-2008-4623Oct 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
- CVE-2008-4622Oct 21, 2008risk 0.03cvss —epss 0.03
The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass authentication and gain administrative access by setting the fn-loggedin cookie to 1.
- CVE-2008-4621Oct 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
- CVE-2008-4620Oct 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
- CVE-2008-1547Oct 21, 2008risk 0.07cvss —epss 0.46
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
- CVE-2008-4619Oct 21, 2008risk 0.04cvss —epss 0.12
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of…
- CVE-2008-4618Oct 21, 2008risk 0.00cvss —epss 0.03
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related…
- CVE-2008-4617Oct 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-4616Oct 20, 2008risk 0.04cvss —epss 0.07
The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comments by using server-supplied values to calculate a shared key.
- CVE-2008-4615Oct 20, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.
- CVE-2008-4614Oct 20, 2008risk 0.03cvss —epss 0.03
PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows remote attackers to create and delete forums, topics, and replies.
- CVE-2008-4613Oct 20, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
- CVE-2008-4612Oct 20, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.
- CVE-2008-4611Oct 20, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
- CVE-2008-4610Oct 20, 2008risk 0.04cvss —epss 0.09
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
- CVE-2008-4609Oct 20, 2008risk 0.03cvss —epss 0.32
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate…
- CVE-2008-3831Oct 20, 2008risk 0.00cvss —epss 0.01
The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial…
- CVE-2007-6718Oct 20, 2008risk 0.00cvss —epss 0.01
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as…
- CVE-2008-4606Oct 18, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already…
- CVE-2008-4605Oct 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
- CVE-2008-4604Oct 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
- CVE-2008-4603Oct 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.
- CVE-2008-4602Oct 18, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.
- CVE-2008-4601Oct 18, 2008risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.
- CVE-2008-4600Oct 18, 2008risk 0.03cvss —epss 0.03
configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.
- CVE-2008-4599Oct 18, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-4598Oct 17, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597.
- CVE-2008-4597Oct 17, 2008risk 0.00cvss —epss 0.01
Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.
- CVE-2008-4596Oct 17, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages.