| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1103 | 0.00 | — | 0.00 | Apr 28, 2008 | Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues." | |||
| CVE-2008-1930 | 0.00 | — | 0.05 | Apr 28, 2008 | The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering… | |||
| CVE-2008-1996 | 0.04 | — | 0.11 | Apr 28, 2008 | licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections. | |||
| CVE-2008-1997 | 0.00 | — | 0.04 | Apr 28, 2008 | Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. | |||
| CVE-2008-1998 | 0.00 | — | 0.03 | Apr 28, 2008 | The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | |||
| CVE-2008-1999 | 0.00 | — | 0.01 | Apr 28, 2008 | Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. | |||
| CVE-2008-2000 | 0.00 | — | 0.01 | Apr 28, 2008 | Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | |||
| CVE-2008-2001 | 0.00 | — | 0.02 | Apr 28, 2008 | Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. | |||
| CVE-2008-2002 | 0.00 | — | 0.01 | Apr 28, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html,… | |||
| CVE-2008-2003 | 0.00 | — | 0.03 | Apr 28, 2008 | BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3)… | |||
| CVE-2008-1670 | 0.00 | — | 0.05 | Apr 28, 2008 | Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. | |||
| CVE-2008-1671 | 0.00 | — | 0.01 | Apr 28, 2008 | start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other… | |||
| CVE-2008-1995 | 0.00 | — | 0.02 | Apr 28, 2008 | Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server. | |||
| CVE-2008-1985 | 0.03 | — | 0.01 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php. | |||
| CVE-2008-1986 | 0.03 | — | 0.01 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter. | |||
| CVE-2008-1987 | 0.00 | — | 0.01 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2008-1988 | 0.00 | — | 0.03 | Apr 27, 2008 | Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct… | |||
| CVE-2008-1989 | 0.03 | — | 0.04 | Apr 27, 2008 | PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter. | |||
| CVE-2008-1990 | 0.03 | — | 0.01 | Apr 27, 2008 | Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp. | |||
| CVE-2008-1991 | 0.03 | — | 0.02 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter. | |||
| CVE-2008-1992 | 0.03 | — | 0.03 | Apr 27, 2008 | Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields. | |||
| CVE-2008-1993 | 0.03 | — | 0.03 | Apr 27, 2008 | Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files. | |||
| CVE-2008-1994 | 0.00 | — | 0.00 | Apr 27, 2008 | Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns. | |||
| CVE-2008-1976 | 0.00 | — | 0.01 | Apr 27, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web… | |||
| CVE-2008-1977 | 0.00 | — | 0.01 | Apr 27, 2008 | Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. | |||
| CVE-2008-1978 | 0.00 | — | 0.01 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. | |||
| CVE-2008-1979 | 0.03 | — | 0.04 | Apr 27, 2008 | The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read. | |||
| CVE-2008-1980 | 0.00 | — | 0.01 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-1981 | 0.00 | — | 0.01 | Apr 27, 2008 | Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | |||
| CVE-2008-1982 | 0.03 | — | 0.03 | Apr 27, 2008 | SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||
| CVE-2008-1983 | 0.03 | — | 0.01 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php. | |||
| CVE-2008-1984 | 0.00 | — | 0.03 | Apr 27, 2008 | The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882. | |||
| CVE-2008-1974 | 0.03 | — | 0.05 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2008-1975 | 0.03 | — | 0.01 | Apr 27, 2008 | SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter. | |||
| CVE-2008-1966 | 0.00 | — | 0.03 | Apr 27, 2008 | Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2)… | |||
| CVE-2008-1967 | 0.03 | — | 0.02 | Apr 27, 2008 | Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter. | |||
| CVE-2008-1968 | 0.03 | — | 0.01 | Apr 27, 2008 | Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp. | |||
| CVE-2008-1969 | 0.03 | — | 0.01 | Apr 27, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles… | |||
| CVE-2008-1970 | 0.00 | — | 0.00 | Apr 27, 2008 | muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials. | |||
| CVE-2008-1971 | 0.03 | — | 0.02 | Apr 27, 2008 | phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php. | |||
| CVE-2008-1972 | 0.00 | — | 0.01 | Apr 27, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1)… | |||
| CVE-2008-1973 | 0.03 | — | 0.06 | Apr 27, 2008 | Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file. | |||
| CVE-2008-0712 | 0.00 | — | 0.05 | Apr 25, 2008 | Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might… | |||
| CVE-2008-1953 | 0.00 | — | 0.01 | Apr 25, 2008 | Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2008-1954 | 0.03 | — | 0.01 | Apr 25, 2008 | SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||
| CVE-2008-1955 | 0.03 | — | 0.01 | Apr 25, 2008 | Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information. | |||
| CVE-2008-1956 | 0.03 | — | 0.01 | Apr 25, 2008 | Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter. | |||
| CVE-2008-1957 | 0.03 | — | 0.01 | Apr 25, 2008 | SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. | |||
| CVE-2008-1958 | 0.03 | — | 0.03 | Apr 25, 2008 | Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension. | |||
| CVE-2008-1959 | 0.00 | — | 0.03 | Apr 25, 2008 | Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. NOTE: some of these details are obtained from third party… |
- CVE-2008-1103Apr 28, 2008risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."
- CVE-2008-1930Apr 28, 2008risk 0.00cvss —epss 0.05
The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering…
- CVE-2008-1996Apr 28, 2008risk 0.04cvss —epss 0.11
licq before 1.3.6 allows remote attackers to cause a denial of service (file-descriptor exhaustion and application crash) via a large number of connections.
- CVE-2008-1997Apr 28, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.
- CVE-2008-1998Apr 28, 2008risk 0.00cvss —epss 0.03
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
- CVE-2008-1999Apr 28, 2008risk 0.00cvss —epss 0.01
Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.
- CVE-2008-2000Apr 28, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.
- CVE-2008-2001Apr 28, 2008risk 0.00cvss —epss 0.02
Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.
- CVE-2008-2002Apr 28, 2008risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html,…
- CVE-2008-2003Apr 28, 2008risk 0.00cvss —epss 0.03
BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3)…
- CVE-2008-1670Apr 28, 2008risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
- CVE-2008-1671Apr 28, 2008risk 0.00cvss —epss 0.01
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other…
- CVE-2008-1995Apr 28, 2008risk 0.00cvss —epss 0.02
Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the server.
- CVE-2008-1985Apr 27, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.
- CVE-2008-1986Apr 27, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.
- CVE-2008-1987Apr 27, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.php in EncapsGallery 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
- CVE-2008-1988Apr 27, 2008risk 0.00cvss —epss 0.03
Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct…
- CVE-2008-1989Apr 27, 2008risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
- CVE-2008-1990Apr 27, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.
- CVE-2008-1991Apr 27, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
- CVE-2008-1992Apr 27, 2008risk 0.03cvss —epss 0.03
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.
- CVE-2008-1993Apr 27, 2008risk 0.03cvss —epss 0.03
Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files.
- CVE-2008-1994Apr 27, 2008risk 0.00cvss —epss 0.00
Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.
- CVE-2008-1976Apr 27, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web…
- CVE-2008-1977Apr 27, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.
- CVE-2008-1978Apr 27, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428.
- CVE-2008-1979Apr 27, 2008risk 0.03cvss —epss 0.04
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to TCP port 41523, which triggers a buffer over-read.
- CVE-2008-1980Apr 27, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-1981Apr 27, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
- CVE-2008-1982Apr 27, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
- CVE-2008-1983Apr 27, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php.
- CVE-2008-1984Apr 27, 2008risk 0.00cvss —epss 0.03
The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP port 1882.
- CVE-2008-1974Apr 27, 2008risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
- CVE-2008-1975Apr 27, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
- CVE-2008-1966Apr 27, 2008risk 0.00cvss —epss 0.03
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2)…
- CVE-2008-1967Apr 27, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in Cezanne 6.5.1 and 7 allows remote attackers to inject arbitrary web script or HTML via the SleUserName parameter.
- CVE-2008-1968Apr 27, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
- CVE-2008-1969Apr 27, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLinks, and (6) WidgetsTitles…
- CVE-2008-1970Apr 27, 2008risk 0.00cvss —epss 0.00
muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.
- CVE-2008-1971Apr 27, 2008risk 0.03cvss —epss 0.02
phShoutBox Final 1.5 and earlier only checks passwords when specified in $_POST, which allows remote attackers to gain privileges by setting the (1) phadmin cookie to admin.php, or (2) in 1.4 and earlier, the ssbadmin cookie to shoutadmin.php.
- CVE-2008-1972Apr 27, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1)…
- CVE-2008-1973Apr 27, 2008risk 0.03cvss —epss 0.06
Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file.
- CVE-2008-0712Apr 25, 2008risk 0.00cvss —epss 0.05
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might…
- CVE-2008-1953Apr 25, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are…
- CVE-2008-1954Apr 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
- CVE-2008-1955Apr 25, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER MyBoard 1.0.12 allows remote attackers to inject arbitrary web script or HTML via the id parameter. information.
- CVE-2008-1956Apr 25, 2008risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus 13 2007.2 allows remote attackers to inject arbitrary web script or HTML via the wiki parameter.
- CVE-2008-1957Apr 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
- CVE-2008-1958Apr 25, 2008risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.
- CVE-2008-1959Apr 25, 2008risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. NOTE: some of these details are obtained from third party…