| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2118 | 0.03 | — | 0.01 | May 8, 2008 | SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-5001 | 0.00 | — | 0.00 | May 8, 2008 | Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file. | |||
| CVE-2007-5498 | 0.00 | — | 0.00 | May 8, 2008 | The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks. | |||
| CVE-2007-6282 | 0.00 | — | 0.02 | May 8, 2008 | The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV. | |||
| CVE-2008-1615 | 0.00 | — | 0.00 | May 8, 2008 | Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. | |||
| CVE-2008-1659 | 0.00 | — | 0.01 | May 8, 2008 | Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. | |||
| CVE-2008-1669 | 0.00 | — | 0.00 | May 8, 2008 | Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." | |||
| CVE-2008-2042 | 0.00 | — | 0.05 | May 8, 2008 | The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback… | |||
| CVE-2008-2112 | 0.00 | — | 0.03 | May 8, 2008 | Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | |||
| CVE-2008-2110 | 0.03 | — | 0.02 | May 7, 2008 | Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request. | |||
| CVE-2008-2111 | 0.03 | — | 0.05 | May 7, 2008 | The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption. | |||
| CVE-2008-2107 | 0.00 | — | 0.03 | May 7, 2008 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and… | |||
| CVE-2008-2108 | Cri | 0.64 | 9.8 | 0.04 | May 7, 2008 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force… | ||
| CVE-2008-2109 | 0.01 | — | 0.07 | May 7, 2008 | field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop. | |||
| CVE-2008-2103 | 0.00 | — | 0.01 | May 7, 2008 | Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list. | |||
| CVE-2008-2104 | 0.00 | — | 0.01 | May 7, 2008 | The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. | |||
| CVE-2008-2105 | 0.00 | — | 0.01 | May 7, 2008 | email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From… | |||
| CVE-2008-2106 | 0.04 | — | 0.08 | May 7, 2008 | Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value. | |||
| CVE-2008-2096 | 0.03 | — | 0.01 | May 7, 2008 | SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php. | |||
| CVE-2008-2091 | 0.03 | — | 0.02 | May 6, 2008 | Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter. | |||
| CVE-2008-2092 | 0.03 | — | 0.04 | May 6, 2008 | Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios. | |||
| CVE-2008-2093 | 0.03 | — | 0.01 | May 6, 2008 | SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. | |||
| CVE-2008-2094 | 0.03 | — | 0.01 | May 6, 2008 | SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-2095 | 0.03 | — | 0.01 | May 6, 2008 | SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||
| CVE-2008-2005 | 0.04 | — | 0.16 | May 6, 2008 | The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length… | |||
| CVE-2008-2080 | 0.00 | — | 0.04 | May 6, 2008 | Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags. | |||
| CVE-2008-2087 | 0.03 | — | 0.01 | May 6, 2008 | SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. | |||
| CVE-2008-2088 | 0.03 | — | 0.01 | May 6, 2008 | SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php. | |||
| CVE-2008-2089 | 0.00 | — | 0.02 | May 6, 2008 | Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | |||
| CVE-2008-2090 | 0.00 | — | 0.02 | May 6, 2008 | Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | |||
| CVE-2008-0599 | Cri | 0.65 | 9.8 | 0.11 | May 5, 2008 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | ||
| CVE-2008-2050 | 0.00 | — | 0.03 | May 5, 2008 | Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. | |||
| CVE-2008-2051 | 0.00 | — | 0.03 | May 5, 2008 | The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." | |||
| CVE-2008-2081 | 0.03 | — | 0.03 | May 5, 2008 | Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter. | |||
| CVE-2008-2082 | 0.03 | — | 0.01 | May 5, 2008 | Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message. | |||
| CVE-2008-2083 | 0.03 | — | 0.01 | May 5, 2008 | SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||
| CVE-2008-2084 | 0.03 | — | 0.02 | May 5, 2008 | SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action. | |||
| CVE-2008-2072 | 0.03 | — | 0.02 | May 5, 2008 | Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260. | |||
| CVE-2008-2073 | 0.03 | — | 0.03 | May 5, 2008 | Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter. | |||
| CVE-2008-2074 | 0.03 | — | 0.02 | May 5, 2008 | Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3)… | |||
| CVE-2008-2075 | 0.00 | — | 0.02 | May 5, 2008 | Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter. | |||
| CVE-2008-2076 | 0.04 | — | 0.06 | May 5, 2008 | Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter. | |||
| CVE-2008-2077 | 0.00 | — | 0.02 | May 5, 2008 | Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view." | |||
| CVE-2008-2078 | 0.00 | — | 0.01 | May 5, 2008 | Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue. | |||
| CVE-2008-2079 | 0.00 | — | 0.03 | May 5, 2008 | MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL… | |||
| CVE-2008-2063 | 0.03 | — | 0.01 | May 2, 2008 | SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||
| CVE-2008-2064 | 0.00 | — | 0.02 | May 2, 2008 | Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems." | |||
| CVE-2008-2065 | 0.03 | — | 0.01 | May 2, 2008 | SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter. | |||
| CVE-2008-2066 | 0.00 | — | 0.02 | May 2, 2008 | Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable. | |||
| CVE-2008-2067 | 0.00 | — | 0.02 | May 2, 2008 | SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable. |
- CVE-2008-2118May 8, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-5001May 8, 2008risk 0.00cvss —epss 0.00
Linux kernel before 2.4.21 allows local users to cause a denial of service (kernel panic) via asynchronous input or output on a FIFO special file.
- CVE-2007-5498May 8, 2008risk 0.00cvss —epss 0.00
The Xen hypervisor block backend driver for Linux kernel 2.6.18, when running on a 64-bit host with a 32-bit paravirtualized guest, allows local privileged users in the guest OS to cause a denial of service (host OS crash) via a request that specifies a large number of blocks.
- CVE-2007-6282May 8, 2008risk 0.00cvss —epss 0.02
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV.
- CVE-2008-1615May 8, 2008risk 0.00cvss —epss 0.00
Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.
- CVE-2008-1659May 8, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors.
- CVE-2008-1669May 8, 2008risk 0.00cvss —epss 0.00
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
- CVE-2008-2042May 8, 2008risk 0.00cvss —epss 0.05
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback…
- CVE-2008-2112May 8, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig.
- CVE-2008-2110May 7, 2008risk 0.03cvss —epss 0.02
Unrestricted file upload vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request.
- CVE-2008-2111May 7, 2008risk 0.03cvss —epss 0.05
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
- CVE-2008-2107May 7, 2008risk 0.00cvss —epss 0.03
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and…
- risk 0.64cvss 9.8epss 0.04
The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force…
- CVE-2008-2109May 7, 2008risk 0.01cvss —epss 0.07
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
- CVE-2008-2103May 7, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.
- CVE-2008-2104May 7, 2008risk 0.00cvss —epss 0.01
The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.
- CVE-2008-2105May 7, 2008risk 0.00cvss —epss 0.01
email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From…
- CVE-2008-2106May 7, 2008risk 0.04cvss —epss 0.08
Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated users to cause a denial of service (crash) via a type 7 stats packet, which triggers a memcpy with a negative value.
- CVE-2008-2096May 7, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.
- CVE-2008-2091May 6, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter.
- CVE-2008-2092May 6, 2008risk 0.03cvss —epss 0.04
Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios.
- CVE-2008-2093May 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
- CVE-2008-2094May 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2095May 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
- CVE-2008-2005May 6, 2008risk 0.04cvss —epss 0.16
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length…
- CVE-2008-2080May 6, 2008risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.
- CVE-2008-2087May 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.
- CVE-2008-2088May 6, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.
- CVE-2008-2089May 6, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet.
- CVE-2008-2090May 6, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet.
- risk 0.65cvss 9.8epss 0.11
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
- CVE-2008-2050May 5, 2008risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
- CVE-2008-2051May 5, 2008risk 0.00cvss —epss 0.03
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
- CVE-2008-2081May 5, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
- CVE-2008-2082May 5, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
- CVE-2008-2083May 5, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
- CVE-2008-2084May 5, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.
- CVE-2008-2072May 5, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260.
- CVE-2008-2073May 5, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in include/global.inc.php in Virtual Design Studio vlbook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the l parameter.
- CVE-2008-2074May 5, 2008risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3)…
- CVE-2008-2075May 5, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 through 2.7.3 allows remote attackers to inject arbitrary web script or HTML via the picfile parameter.
- CVE-2008-2076May 5, 2008risk 0.04cvss —epss 0.06
Directory traversal vulnerability in admin.php in ActualScripts ActualAnalyzer Lite 2.78 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the style parameter.
- CVE-2008-2077May 5, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."
- CVE-2008-2078May 5, 2008risk 0.00cvss —epss 0.01
Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue.
- CVE-2008-2079May 5, 2008risk 0.00cvss —epss 0.03
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL…
- CVE-2008-2063May 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.
- CVE-2008-2064May 2, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
- CVE-2008-2065May 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.
- CVE-2008-2066May 2, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to inject arbitrary web script or HTML via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
- CVE-2008-2067May 2, 2008risk 0.00cvss —epss 0.02
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.