| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1022 | 0.01 | — | 0.07 | Apr 4, 2008 | Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size. | |||
| CVE-2008-1023 | 0.00 | — | 0.05 | Apr 4, 2008 | Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. | |||
| CVE-2007-5661 | 0.00 | — | 0.02 | Apr 4, 2008 | The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine. | |||
| CVE-2008-0555 | 0.00 | — | 0.02 | Apr 4, 2008 | The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers… | |||
| CVE-2008-0884 | 0.00 | — | 0.00 | Apr 4, 2008 | The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a… | |||
| CVE-2008-1373 | 0.00 | — | 0.02 | Apr 4, 2008 | Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484. | |||
| CVE-2008-1374 | 0.00 | — | 0.04 | Apr 4, 2008 | Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888. | |||
| CVE-2008-1680 | 0.03 | — | 0.02 | Apr 4, 2008 | PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc. | |||
| CVE-2008-1331 | 0.04 | — | 0.09 | Apr 2, 2008 | cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter. | |||
| CVE-2008-1654 | 0.00 | — | 0.05 | Apr 2, 2008 | Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated… | |||
| CVE-2008-1657 | 0.00 | — | 0.02 | Apr 2, 2008 | OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. | |||
| CVE-2008-0069 | 0.04 | — | 0.08 | Apr 2, 2008 | Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461. | |||
| CVE-2008-1620 | — | 0.03 | — | 0.03 | Apr 2, 2008 | Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename. | ||
| CVE-2008-1621 | 0.03 | — | 0.01 | Apr 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2008-1622 | 0.00 | — | 0.01 | Apr 2, 2008 | Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2008-1623 | 0.03 | — | 0.01 | Apr 2, 2008 | SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-1624 | 0.03 | — | 0.03 | Apr 2, 2008 | Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter. | |||
| CVE-2008-1625 | 0.03 | — | 0.01 | Apr 2, 2008 | aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests. | |||
| CVE-2008-1626 | 0.00 | — | 0.02 | Apr 2, 2008 | SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159. | |||
| CVE-2008-1627 | 0.00 | — | 0.01 | Apr 2, 2008 | CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID. | |||
| CVE-2008-1628 | 0.00 | — | 0.01 | Apr 2, 2008 | Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-1629 | 0.00 | — | 0.01 | Apr 2, 2008 | Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-1630 | 0.00 | — | 0.01 | Apr 2, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5)… | |||
| CVE-2008-1631 | 0.00 | — | 0.01 | Apr 2, 2008 | SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php. | |||
| CVE-2008-1632 | 0.00 | — | 0.01 | Apr 2, 2008 | Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to… | |||
| CVE-2008-1633 | 0.00 | — | 0.02 | Apr 2, 2008 | Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE. | |||
| CVE-2008-1634 | — | 0.00 | — | 0.01 | Apr 2, 2008 | Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | ||
| CVE-2008-1635 | 0.03 | — | 0.03 | Apr 2, 2008 | Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected. | |||
| CVE-2008-1636 | 0.00 | — | 0.01 | Apr 2, 2008 | Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-1637 | 0.00 | — | 0.04 | Apr 2, 2008 | PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external… | |||
| CVE-2008-1638 | 0.00 | — | 0.00 | Apr 2, 2008 | Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse. | |||
| CVE-2008-1639 | 0.03 | — | 0.01 | Apr 2, 2008 | SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php. | |||
| CVE-2008-1640 | 0.03 | — | 0.01 | Apr 2, 2008 | SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action. | |||
| CVE-2008-1641 | 0.03 | — | 0.01 | Apr 2, 2008 | SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter. | |||
| CVE-2008-1642 | 0.00 | — | 0.02 | Apr 2, 2008 | Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2008-1643 | 0.00 | — | 0.02 | Apr 2, 2008 | Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2008-1644 | 0.00 | — | 0.01 | Apr 2, 2008 | SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-1645 | 0.03 | — | 0.02 | Apr 2, 2008 | Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter. | |||
| CVE-2008-1646 | 0.03 | — | 0.03 | Apr 2, 2008 | SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | |||
| CVE-2008-1647 | 0.04 | — | 0.07 | Apr 2, 2008 | The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these… | |||
| CVE-2008-1648 | 0.00 | — | 0.02 | Apr 2, 2008 | Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-1649 | 0.03 | — | 0.02 | Apr 2, 2008 | Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action. | |||
| CVE-2008-1650 | 0.03 | — | 0.01 | Apr 2, 2008 | SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action. | |||
| CVE-2008-1651 | 0.03 | — | 0.03 | Apr 2, 2008 | Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | |||
| CVE-2008-1652 | 0.00 | — | 0.02 | Apr 2, 2008 | Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an… | |||
| CVE-2008-1653 | 0.00 | — | 0.01 | Apr 2, 2008 | Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained… | |||
| CVE-2008-1614 | 0.00 | — | 0.00 | Apr 2, 2008 | suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges. | |||
| CVE-2008-1619 | 0.00 | — | 0.01 | Apr 2, 2008 | The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | |||
| CVE-2008-1515 | 0.00 | — | 0.02 | Apr 1, 2008 | The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." | |||
| CVE-2008-1612 | 0.00 | — | 0.02 | Apr 1, 2008 | The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for… |
- CVE-2008-1022Apr 4, 2008risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.
- CVE-2008-1023Apr 4, 2008risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
- CVE-2007-5661Apr 4, 2008risk 0.00cvss —epss 0.02
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
- CVE-2008-0555Apr 4, 2008risk 0.00cvss —epss 0.02
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers…
- CVE-2008-0884Apr 4, 2008risk 0.00cvss —epss 0.00
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a…
- CVE-2008-1373Apr 4, 2008risk 0.00cvss —epss 0.02
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
- CVE-2008-1374Apr 4, 2008risk 0.00cvss —epss 0.04
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
- CVE-2008-1680Apr 4, 2008risk 0.03cvss —epss 0.02
PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain configuration information via a direct request to maintenance/index.php, which reveals settings such as magic_quotes_gpc.
- CVE-2008-1331Apr 2, 2008risk 0.04cvss —epss 0.09
cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.
- CVE-2008-1654Apr 2, 2008risk 0.00cvss —epss 0.05
Interaction error between Adobe Flash and multiple Universal Plug and Play (UPnP) services allow remote attackers to perform Cross-Site Request Forgery (CSRF) style attacks by using the Flash navigateToURL function to send a SOAP message to a UPnP control point, as demonstrated…
- CVE-2008-1657Apr 2, 2008risk 0.00cvss —epss 0.02
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
- CVE-2008-0069Apr 2, 2008risk 0.04cvss —epss 0.08
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.
- CVE-2008-1620Apr 2, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename.
- CVE-2008-1621Apr 2, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2008-1622Apr 2, 2008risk 0.00cvss —epss 0.01
Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2008-1623Apr 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-1624Apr 2, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xPage parameter.
- CVE-2008-1625Apr 2, 2008risk 0.03cvss —epss 0.01
aavmker4.sys in avast! Home and Professional 4.7 for Windows does not properly validate input to IOCTL 0xb2d60030, which allows local users to gain privileges via certain IOCTL requests.
- CVE-2008-1626Apr 2, 2008risk 0.00cvss —epss 0.02
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
- CVE-2008-1627Apr 2, 2008risk 0.00cvss —epss 0.01
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
- CVE-2008-1628Apr 2, 2008risk 0.00cvss —epss 0.01
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.
- CVE-2008-1629Apr 2, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-1630Apr 2, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5)…
- CVE-2008-1631Apr 2, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.
- CVE-2008-1632Apr 2, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to…
- CVE-2008-1633Apr 2, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.
- CVE-2008-1634Apr 2, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder Gallery 3.1 allows remote attackers to inject arbitrary web script or HTML via the image parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-1635Apr 2, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in view_private.php in Keep It Simple Guest Book (KISGB) 5.0.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tmp_theme parameter. NOTE: 5.1.1 is also reportedly affected.
- CVE-2008-1636Apr 2, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-1637Apr 2, 2008risk 0.00cvss —epss 0.04
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external…
- CVE-2008-1638Apr 2, 2008risk 0.00cvss —epss 0.00
Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.
- CVE-2008-1639Apr 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
- CVE-2008-1640Apr 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.
- CVE-2008-1641Apr 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
- CVE-2008-1642Apr 2, 2008risk 0.00cvss —epss 0.02
Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2008-1643Apr 2, 2008risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.7 SP5 and earlier and 8.8 allows remote attackers to read arbitrary files via unspecified vectors.
- CVE-2008-1644Apr 2, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-1645Apr 2, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in body.php in phpSpamManager (phpSM) 0.53 beta allows remote attackers to read arbitrary local files via a .. (dot dot) in the filename parameter.
- CVE-2008-1646Apr 2, 2008risk 0.03cvss —epss 0.03
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
- CVE-2008-1647Apr 2, 2008risk 0.04cvss —epss 0.07
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these…
- CVE-2008-1648Apr 2, 2008risk 0.00cvss —epss 0.02
Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.
- CVE-2008-1649Apr 2, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in EasyNews 4.0 allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_pupublish action.
- CVE-2008-1650Apr 2, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
- CVE-2008-1651Apr 2, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in admin/login.php in EasyNews 4.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
- CVE-2008-1652Apr 2, 2008risk 0.00cvss —epss 0.02
Directory traversal vulnerability in the _serve_request_multiple function in lib/Perlbal/ClientHTTPBase.pm in Perlbal before 1.70, when concat get is enabled, allows remote attackers to read arbitrary files in a parent directory via a directory traversal sequence in an…
- CVE-2008-1653Apr 2, 2008risk 0.00cvss —epss 0.01
Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained…
- CVE-2008-1614Apr 2, 2008risk 0.00cvss —epss 0.00
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.
- CVE-2008-1619Apr 2, 2008risk 0.00cvss —epss 0.01
The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
- CVE-2008-1515Apr 1, 2008risk 0.00cvss —epss 0.02
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
- CVE-2008-1612Apr 1, 2008risk 0.00cvss —epss 0.02
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for…