| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1053 | 0.03 | — | 0.01 | Feb 27, 2008 | Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. | |||
| CVE-2008-1054 | 0.04 | — | 0.07 | Feb 27, 2008 | Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP… | |||
| CVE-2008-1055 | 0.04 | — | 0.08 | Feb 27, 2008 | Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. | |||
| CVE-2008-0984 | 0.04 | — | 0.15 | Feb 26, 2008 | The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. | |||
| CVE-2008-0983 | 0.00 | — | 0.02 | Feb 26, 2008 | lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. | |||
| CVE-2008-0596 | 0.00 | — | 0.02 | Feb 26, 2008 | Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers. | |||
| CVE-2008-0597 | 0.00 | — | 0.02 | Feb 26, 2008 | Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets. | |||
| CVE-2008-0923 | 0.00 | — | 0.00 | Feb 26, 2008 | Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character… | |||
| CVE-2008-0973 | 0.00 | — | 0.02 | Feb 25, 2008 | Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field. | |||
| CVE-2008-0974 | 0.00 | — | 0.03 | Feb 25, 2008 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector value, which raises a "vector too long" exception; or (2) a… | |||
| CVE-2008-0975 | 0.00 | — | 0.02 | Feb 25, 2008 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector value. | |||
| CVE-2008-0976 | 0.00 | — | 0.04 | Feb 25, 2008 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1)… | |||
| CVE-2008-0977 | 0.00 | — | 0.02 | Feb 25, 2008 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory. | |||
| CVE-2008-0978 | 0.00 | — | 0.01 | Feb 25, 2008 | Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which… | |||
| CVE-2008-0979 | 0.00 | — | 0.03 | Feb 25, 2008 | Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a… | |||
| CVE-2008-0980 | 0.03 | — | 0.01 | Feb 25, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy;… | |||
| CVE-2008-0981 | 0.00 | — | 0.01 | Feb 25, 2008 | Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||
| CVE-2008-0982 | 0.03 | — | 0.02 | Feb 25, 2008 | Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message. | |||
| CVE-2008-0932 | 0.00 | — | 0.03 | Feb 25, 2008 | diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. | |||
| CVE-2008-0941 | 0.00 | — | 0.01 | Feb 25, 2008 | Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event. | |||
| CVE-2008-0942 | 0.03 | — | 0.01 | Feb 25, 2008 | SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter. | |||
| CVE-2008-0943 | 0.03 | — | 0.01 | Feb 25, 2008 | Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp. | |||
| CVE-2008-0944 | 0.04 | — | 0.12 | Feb 25, 2008 | Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero. | |||
| CVE-2008-0945 | 0.01 | — | 0.07 | Feb 25, 2008 | Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via… | |||
| CVE-2008-0946 | 0.00 | — | 0.04 | Feb 25, 2008 | Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field. | |||
| CVE-2008-0939 | 0.03 | — | 0.04 | Feb 25, 2008 | Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to… | |||
| CVE-2008-0940 | 0.00 | — | 0.01 | Feb 25, 2008 | Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407. | |||
| CVE-2008-0933 | 0.00 | — | 0.00 | Feb 25, 2008 | Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore. | |||
| CVE-2008-0934 | 0.03 | — | 0.01 | Feb 25, 2008 | SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action. | |||
| CVE-2008-0935 | 0.08 | — | 0.65 | Feb 25, 2008 | Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method. | |||
| CVE-2008-0936 | 0.03 | — | 0.01 | Feb 25, 2008 | SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||
| CVE-2008-0937 | 0.03 | — | 0.01 | Feb 25, 2008 | SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||
| CVE-2008-0938 | 0.00 | — | 0.00 | Feb 25, 2008 | Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126. | |||
| CVE-2008-0911 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter. | |||
| CVE-2008-0912 | 0.04 | — | 0.16 | Feb 22, 2008 | Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a… | |||
| CVE-2008-0913 | 0.00 | — | 0.01 | Feb 22, 2008 | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context. | |||
| CVE-2008-0914 | 0.00 | — | 0.01 | Feb 22, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in the Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-0915 | 0.00 | — | 0.01 | Feb 22, 2008 | The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value. | |||
| CVE-2008-0916 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php. | |||
| CVE-2008-0917 | 0.00 | — | 0.01 | Feb 22, 2008 | Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor… | |||
| CVE-2008-0918 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the… | |||
| CVE-2008-0919 | 0.03 | — | 0.04 | Feb 22, 2008 | Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter. | |||
| CVE-2008-0920 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular… | |||
| CVE-2008-0921 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0922 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php. | |||
| CVE-2008-0910 | 0.00 | — | 0.03 | Feb 22, 2008 | Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to… | |||
| CVE-2008-0162 | 0.00 | — | 0.00 | Feb 22, 2008 | misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. | |||
| CVE-2008-0895 | 0.00 | — | 0.02 | Feb 22, 2008 | BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers. | |||
| CVE-2008-0896 | 0.00 | — | 0.01 | Feb 22, 2008 | BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions. | |||
| CVE-2008-0897 | 0.00 | — | 0.01 | Feb 22, 2008 | Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to… |
- CVE-2008-1053Feb 27, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
- CVE-2008-1054Feb 27, 2008risk 0.04cvss —epss 0.07
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP…
- CVE-2008-1055Feb 27, 2008risk 0.04cvss —epss 0.08
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
- CVE-2008-0984Feb 26, 2008risk 0.04cvss —epss 0.15
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
- CVE-2008-0983Feb 26, 2008risk 0.00cvss —epss 0.02
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.
- CVE-2008-0596Feb 26, 2008risk 0.00cvss —epss 0.02
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
- CVE-2008-0597Feb 26, 2008risk 0.00cvss —epss 0.02
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
- CVE-2008-0923Feb 26, 2008risk 0.00cvss —epss 0.00
Directory traversal vulnerability in the Shared Folders feature for VMWare ACE 1.0.2 and 2.0.2, Player 1.0.4 and 2.0.2, and Workstation 5.5.4 and 6.0.2 allows guest OS users to read and write arbitrary files on the host OS via a multibyte string that produces a wide character…
- CVE-2008-0973Feb 25, 2008risk 0.00cvss —epss 0.02
Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field.
- CVE-2008-0974Feb 25, 2008risk 0.00cvss —epss 0.03
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector value, which raises a "vector too long" exception; or (2) a…
- CVE-2008-0975Feb 25, 2008risk 0.00cvss —epss 0.02
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector value.
- CVE-2008-0976Feb 25, 2008risk 0.00cvss —epss 0.04
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed packet, as demonstrated by a packet of type (1)…
- CVE-2008-0977Feb 25, 2008risk 0.00cvss —epss 0.02
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain long packet that triggers an attempt to allocate a large amount of memory.
- CVE-2008-0978Feb 25, 2008risk 0.00cvss —epss 0.01
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type (1) 0x2728, which provides operating system and path information; (2) 0x274e, which…
- CVE-2008-0979Feb 25, 2008risk 0.00cvss —epss 0.03
Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon crash) via a certain packet that triggers the recursive calling of a…
- CVE-2008-0980Feb 25, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy;…
- CVE-2008-0981Feb 25, 2008risk 0.00cvss —epss 0.01
Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
- CVE-2008-0982Feb 25, 2008risk 0.03cvss —epss 0.02
Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message.
- CVE-2008-0932Feb 25, 2008risk 0.00cvss —epss 0.03
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
- CVE-2008-0941Feb 25, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an event.
- CVE-2008-0942Feb 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
- CVE-2008-0943Feb 25, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
- CVE-2008-0944Feb 25, 2008risk 0.04cvss —epss 0.12
Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote attackers to cause a denial of service (NULL dereference and application crash) via a version field containing zero.
- CVE-2008-0945Feb 25, 2008risk 0.01cvss —epss 0.07
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via…
- CVE-2008-0946Feb 25, 2008risk 0.00cvss —epss 0.04
Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.
- CVE-2008-0939Feb 25, 2008risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to…
- CVE-2008-0940Feb 25, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.4.24 allows remote attackers to inject arbitrary web script or HTML when creating a username, a different vulnerability than CVE-2007-0407.
- CVE-2008-0933Feb 25, 2008risk 0.00cvss —epss 0.00
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
- CVE-2008-0934Feb 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
- CVE-2008-0935Feb 25, 2008risk 0.08cvss —epss 0.65
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.
- CVE-2008-0936Feb 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
- CVE-2008-0937Feb 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.
- CVE-2008-0938Feb 25, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
- CVE-2008-0911Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
- CVE-2008-0912Feb 22, 2008risk 0.04cvss —epss 0.16
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a…
- CVE-2008-0913Feb 22, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context.
- CVE-2008-0914Feb 22, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-0915Feb 22, 2008risk 0.00cvss —epss 0.01
The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and 2.3 before 2.3.2.14 stores the number of remaining allowed login attempts in a cookie, which makes it easier for remote attackers to conduct brute force attacks by manipulating this cookie's value.
- CVE-2008-0916Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php.
- CVE-2008-0917Feb 22, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor…
- CVE-2008-0918Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the…
- CVE-2008-0919Feb 22, 2008risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
- CVE-2008-0920Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular…
- CVE-2008-0921Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0922Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
- CVE-2008-0910Feb 22, 2008risk 0.00cvss —epss 0.03
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to…
- CVE-2008-0162Feb 22, 2008risk 0.00cvss —epss 0.00
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.
- CVE-2008-0895Feb 22, 2008risk 0.00cvss —epss 0.02
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers.
- CVE-2008-0896Feb 22, 2008risk 0.00cvss —epss 0.01
BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator deletes a single instance of a content portlet, removes entitlement policies for other content portlets, which allows attackers to bypass intended access restrictions.
- CVE-2008-0897Feb 22, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to…