| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3330 | 0.00 | — | 0.01 | Jul 27, 2008 | Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name. | |||
| CVE-2008-3305 | 0.03 | — | 0.04 | Jul 25, 2008 | Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter. | |||
| CVE-2008-3306 | 0.03 | — | 0.01 | Jul 25, 2008 | SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2008-3307 | 0.03 | — | 0.01 | Jul 25, 2008 | SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306. | |||
| CVE-2008-3308 | 0.03 | — | 0.02 | Jul 25, 2008 | PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter. | |||
| CVE-2008-3309 | 0.03 | — | 0.01 | Jul 25, 2008 | SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||
| CVE-2008-3310 | 0.03 | — | 0.01 | Jul 25, 2008 | SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2008-3311 | 0.03 | — | 0.02 | Jul 25, 2008 | PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | |||
| CVE-2008-3312 | 0.03 | — | 0.02 | Jul 25, 2008 | Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is… | |||
| CVE-2008-3313 | 0.03 | — | 0.02 | Jul 25, 2008 | Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to… | |||
| CVE-2008-3314 | 0.04 | — | 0.08 | Jul 25, 2008 | ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference. | |||
| CVE-2008-3315 | 0.03 | — | 0.02 | Jul 25, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e)… | |||
| CVE-2008-3316 | 0.00 | — | 0.01 | Jul 25, 2008 | Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3)… | |||
| CVE-2008-3317 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | |||
| CVE-2008-3318 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. | |||
| CVE-2008-3319 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. | |||
| CVE-2008-3320 | 0.04 | — | 0.07 | Jul 25, 2008 | admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. | |||
| CVE-2008-3321 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | |||
| CVE-2008-3322 | 0.04 | — | 0.07 | Jul 25, 2008 | admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | |||
| CVE-2008-3325 | 0.00 | — | 0.01 | Jul 25, 2008 | Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | |||
| CVE-2008-3326 | 0.00 | — | 0.02 | Jul 25, 2008 | Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | |||
| CVE-2008-3327 | 0.00 | — | 0.01 | Jul 25, 2008 | Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message. | |||
| CVE-2008-3295 | 0.03 | — | 0.03 | Jul 25, 2008 | Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-3296 | 0.03 | — | 0.06 | Jul 25, 2008 | Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely… | |||
| CVE-2008-3297 | 0.00 | — | 0.02 | Jul 25, 2008 | Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php. | |||
| CVE-2008-3298 | 0.00 | — | 0.01 | Jul 25, 2008 | SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code. | |||
| CVE-2008-3299 | 0.03 | — | 0.06 | Jul 25, 2008 | eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-3300 | 0.03 | — | 0.06 | Jul 25, 2008 | AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-3301 | 0.03 | — | 0.02 | Jul 25, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to… | |||
| CVE-2008-3302 | 0.03 | — | 0.02 | Jul 25, 2008 | SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter. | |||
| CVE-2008-3303 | 0.03 | — | 0.05 | Jul 25, 2008 | admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters. | |||
| CVE-2008-3304 | 0.03 | — | 0.06 | Jul 25, 2008 | BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message. | |||
| CVE-2008-3291 | 0.03 | — | 0.02 | Jul 24, 2008 | SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-3292 | 0.04 | — | 0.07 | Jul 24, 2008 | constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php. | |||
| CVE-2008-3293 | 0.04 | — | 0.09 | Jul 24, 2008 | Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter. | |||
| CVE-2008-3294 | 0.00 | — | 0.04 | Jul 24, 2008 | src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window,… | |||
| CVE-2008-3285 | 0.04 | — | 0.07 | Jul 24, 2008 | The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters. | |||
| CVE-2008-3286 | 0.04 | — | 0.09 | Jul 24, 2008 | SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command… | |||
| CVE-2008-3287 | 0.00 | — | 0.03 | Jul 24, 2008 | retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference. | |||
| CVE-2008-3288 | 0.00 | — | 0.02 | Jul 24, 2008 | The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords. | |||
| CVE-2008-3289 | Hig | 0.49 | 7.5 | 0.05 | Jul 24, 2008 | EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet. | ||
| CVE-2008-3290 | 0.00 | — | 0.03 | Jul 24, 2008 | retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version… | |||
| CVE-2008-3247 | 0.00 | — | 0.00 | Jul 24, 2008 | The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors. | |||
| CVE-2008-3264 | 0.00 | — | 0.03 | Jul 24, 2008 | The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows… | |||
| CVE-2008-3265 | 0.03 | — | 0.03 | Jul 24, 2008 | SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php. | |||
| CVE-2008-3266 | 0.03 | — | 0.02 | Jul 24, 2008 | SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||
| CVE-2008-3267 | 0.03 | — | 0.02 | Jul 24, 2008 | SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | |||
| CVE-2008-3268 | 0.00 | — | 0.02 | Jul 24, 2008 | Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these… | |||
| CVE-2008-3269 | 0.04 | — | 0.11 | Jul 24, 2008 | WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321. | |||
| CVE-2008-3263 | 0.05 | — | 0.28 | Jul 22, 2008 | The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote… |
- CVE-2008-3330Jul 27, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
- CVE-2008-3305Jul 25, 2008risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
- CVE-2008-3306Jul 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2008-3307Jul 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
- CVE-2008-3308Jul 25, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.
- CVE-2008-3309Jul 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
- CVE-2008-3310Jul 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2008-3311Jul 25, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
- CVE-2008-3312Jul 25, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is…
- CVE-2008-3313Jul 25, 2008risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to…
- CVE-2008-3314Jul 25, 2008risk 0.04cvss —epss 0.08
ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference.
- CVE-2008-3315Jul 25, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e)…
- CVE-2008-3316Jul 25, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3)…
- CVE-2008-3317Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
- CVE-2008-3318Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
- CVE-2008-3319Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
- CVE-2008-3320Jul 25, 2008risk 0.04cvss —epss 0.07
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
- CVE-2008-3321Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
- CVE-2008-3322Jul 25, 2008risk 0.04cvss —epss 0.07
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
- CVE-2008-3325Jul 25, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
- CVE-2008-3326Jul 25, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
- CVE-2008-3327Jul 25, 2008risk 0.00cvss —epss 0.01
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
- CVE-2008-3295Jul 25, 2008risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-3296Jul 25, 2008risk 0.03cvss —epss 0.06
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely…
- CVE-2008-3297Jul 25, 2008risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
- CVE-2008-3298Jul 25, 2008risk 0.00cvss —epss 0.01
SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
- CVE-2008-3299Jul 25, 2008risk 0.03cvss —epss 0.06
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-3300Jul 25, 2008risk 0.03cvss —epss 0.06
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-3301Jul 25, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to…
- CVE-2008-3302Jul 25, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
- CVE-2008-3303Jul 25, 2008risk 0.03cvss —epss 0.05
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
- CVE-2008-3304Jul 25, 2008risk 0.03cvss —epss 0.06
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
- CVE-2008-3291Jul 24, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-3292Jul 24, 2008risk 0.04cvss —epss 0.07
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
- CVE-2008-3293Jul 24, 2008risk 0.04cvss —epss 0.09
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
- CVE-2008-3294Jul 24, 2008risk 0.00cvss —epss 0.04
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window,…
- CVE-2008-3285Jul 24, 2008risk 0.04cvss —epss 0.07
The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
- CVE-2008-3286Jul 24, 2008risk 0.04cvss —epss 0.09
SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command…
- CVE-2008-3287Jul 24, 2008risk 0.00cvss —epss 0.03
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference.
- CVE-2008-3288Jul 24, 2008risk 0.00cvss —epss 0.02
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.
- risk 0.49cvss 7.5epss 0.05
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.
- CVE-2008-3290Jul 24, 2008risk 0.00cvss —epss 0.03
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version…
- CVE-2008-3247Jul 24, 2008risk 0.00cvss —epss 0.00
The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.
- CVE-2008-3264Jul 24, 2008risk 0.00cvss —epss 0.03
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows…
- CVE-2008-3265Jul 24, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
- CVE-2008-3266Jul 24, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.
- CVE-2008-3267Jul 24, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
- CVE-2008-3268Jul 24, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these…
- CVE-2008-3269Jul 24, 2008risk 0.04cvss —epss 0.11
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
- CVE-2008-3263Jul 22, 2008risk 0.05cvss —epss 0.28
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote…