| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0898 | 0.00 | — | 0.01 | Feb 22, 2008 | The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access… | |||
| CVE-2008-0899 | 0.00 | — | 0.01 | Feb 22, 2008 | Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page. | |||
| CVE-2008-0900 | 0.01 | — | 0.10 | Feb 22, 2008 | Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors. | |||
| CVE-2008-0901 | 0.00 | — | 0.02 | Feb 22, 2008 | BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | |||
| CVE-2008-0902 | 0.00 | — | 0.01 | Feb 22, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694. | |||
| CVE-2008-0903 | 0.00 | — | 0.01 | Feb 22, 2008 | Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL. | |||
| CVE-2008-0904 | 0.00 | — | 0.01 | Feb 22, 2008 | Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2008-0905 | 0.03 | — | 0.03 | Feb 22, 2008 | Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2008-0906 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation. | |||
| CVE-2008-0907 | 0.03 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||
| CVE-2008-0908 | 0.00 | — | 0.01 | Feb 22, 2008 | SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||
| CVE-2008-0909 | 0.00 | — | 0.01 | Feb 22, 2008 | Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-0894 | 0.00 | — | 0.01 | Feb 21, 2008 | Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420. | |||
| CVE-2007-4516 | 0.00 | — | 0.01 | Feb 21, 2008 | The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets. | |||
| CVE-2008-0638 | 0.00 | — | 0.06 | Feb 21, 2008 | Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for… | |||
| CVE-2008-0871 | 0.06 | — | 0.33 | Feb 21, 2008 | Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service. | |||
| CVE-2008-0872 | 0.03 | — | 0.02 | Feb 21, 2008 | Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message. | |||
| CVE-2008-0873 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. | |||
| CVE-2008-0874 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||
| CVE-2008-0875 | 0.00 | — | 0.01 | Feb 21, 2008 | Unspecified vulnerability in Hitachi EUR Print Manager, and related Client and Local Server products, 05-06 through 05-06-/B and 05-08 allows remote attackers to cause a denial of service (service hang or termination) via unspecified vectors related to "unexpected data." | |||
| CVE-2008-0876 | 0.00 | — | 0.01 | Feb 21, 2008 | Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data." | |||
| CVE-2008-0877 | 0.03 | — | 0.01 | Feb 21, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme,… | |||
| CVE-2008-0878 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||
| CVE-2008-0879 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. | |||
| CVE-2008-0880 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||
| CVE-2008-0881 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action. | |||
| CVE-2008-0882 | 0.00 | — | 0.06 | Feb 21, 2008 | Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation… | |||
| CVE-2008-0861 | 0.00 | — | 0.01 | Feb 21, 2008 | Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action. | |||
| CVE-2008-0862 | 0.00 | — | 0.02 | Feb 21, 2008 | IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection. | |||
| CVE-2008-0863 | 0.00 | — | 0.01 | Feb 21, 2008 | BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks. | |||
| CVE-2008-0864 | 0.00 | — | 0.02 | Feb 21, 2008 | Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions. | |||
| CVE-2008-0865 | 0.00 | — | 0.02 | Feb 21, 2008 | Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. | |||
| CVE-2008-0866 | 0.00 | — | 0.01 | Feb 21, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows. | |||
| CVE-2008-0867 | 0.00 | — | 0.01 | Feb 21, 2008 | Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | |||
| CVE-2008-0868 | 0.00 | — | 0.01 | Feb 21, 2008 | Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2008-0869 | 0.00 | — | 0.01 | Feb 21, 2008 | Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive… | |||
| CVE-2008-0870 | 0.00 | — | 0.01 | Feb 21, 2008 | BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session. | |||
| CVE-2007-6426 | 0.00 | — | 0.03 | Feb 21, 2008 | Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data. | |||
| CVE-2008-0847 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||
| CVE-2008-0848 | 0.00 | — | 0.01 | Feb 21, 2008 | Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect. | |||
| CVE-2008-0849 | 0.00 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652. | |||
| CVE-2008-0850 | 0.03 | — | 0.02 | Feb 21, 2008 | Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to… | |||
| CVE-2008-0851 | 0.03 | — | 0.04 | Feb 21, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to… | |||
| CVE-2008-0852 | 0.03 | — | 0.06 | Feb 21, 2008 | freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference. | |||
| CVE-2008-0853 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE. | |||
| CVE-2008-0854 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. | |||
| CVE-2008-0855 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||
| CVE-2008-0856 | 0.03 | — | 0.01 | Feb 21, 2008 | Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-0857 | 0.03 | — | 0.01 | Feb 21, 2008 | SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page. | |||
| CVE-2008-0858 | 0.00 | — | 0.04 | Feb 21, 2008 | Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. |
- CVE-2008-0898Feb 22, 2008risk 0.00cvss —epss 0.01
The distributed queue feature in JMS in BEA WebLogic Server 9.0 through 10.0, in certain configurations, does not properly handle when a client cannot send a message to a member of a distributed queue, which allows remote authenticated users to bypass intended access…
- CVE-2008-0899Feb 22, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
- CVE-2008-0900Feb 22, 2008risk 0.01cvss —epss 0.10
Session fixation vulnerability in BEA WebLogic Server and Express 8.1 SP4 through SP6, 9.2 through MP1, and 10.0 allows remote authenticated users to hijack web sessions via unknown vectors.
- CVE-2008-0901Feb 22, 2008risk 0.00cvss —epss 0.02
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
- CVE-2008-0902Feb 22, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
- CVE-2008-0903Feb 22, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the BEA WebLogic Server and Express proxy plugin, as distributed before November 2007 and before 9.2 MP3 and 10.0 MP2, allows remote attackers to cause a denial of service (web server crash) via a crafted URL.
- CVE-2008-0904Feb 22, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
- CVE-2008-0905Feb 22, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
- CVE-2008-0906Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
- CVE-2008-0907Feb 22, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
- CVE-2008-0908Feb 22, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-0909Feb 22, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-0894Feb 21, 2008risk 0.00cvss —epss 0.01
Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.
- CVE-2007-4516Feb 21, 2008risk 0.00cvss —epss 0.01
The Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation 5.0 for Windows allows remote attackers to cause a denial of service (daemon crash or hang) via malformed packets.
- CVE-2008-0638Feb 21, 2008risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for…
- CVE-2008-0871Feb 21, 2008risk 0.06cvss —epss 0.33
Multiple stack-based buffer overflows in Now SMS/MMS Gateway 2007.06.27 and earlier allow remote attackers to execute arbitrary code via a (1) long password in an Authorization header to the HTTP service or a (2) large packet to the SMPP service.
- CVE-2008-0872Feb 21, 2008risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
- CVE-2008-0873Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.
- CVE-2008-0874Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
- CVE-2008-0875Feb 21, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Hitachi EUR Print Manager, and related Client and Local Server products, 05-06 through 05-06-/B and 05-08 allows remote attackers to cause a denial of service (service hang or termination) via unspecified vectors related to "unexpected data."
- CVE-2008-0876Feb 21, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the SEWB3 messaging service in Hitachi SEWB3/PLATFORM and SEWB3/MI-PLATFORM 01-00 through 02-14-/A allows remote attackers to cause a denial of service (service outage) via "invalid data."
- CVE-2008-0877Feb 21, 2008risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, and (5) set_theme parameters to (a) index.php; the frontend, theme,…
- CVE-2008-0878Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
- CVE-2008-0879Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
- CVE-2008-0880Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
- CVE-2008-0881Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
- CVE-2008-0882Feb 21, 2008risk 0.00cvss —epss 0.06
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation…
- CVE-2008-0861Feb 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action.
- CVE-2008-0862Feb 21, 2008risk 0.00cvss —epss 0.02
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection.
- CVE-2008-0863Feb 21, 2008risk 0.00cvss —epss 0.01
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service's WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks.
- CVE-2008-0864Feb 21, 2008risk 0.00cvss —epss 0.02
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions.
- CVE-2008-0865Feb 21, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors.
- CVE-2008-0866Feb 21, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.
- CVE-2008-0867Feb 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
- CVE-2008-0868Feb 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
- CVE-2008-0869Feb 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive…
- CVE-2008-0870Feb 21, 2008risk 0.00cvss —epss 0.01
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
- CVE-2007-6426Feb 21, 2008risk 0.00cvss —epss 0.03
Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and possibly earlier versions, allow remote attackers to execute arbitrary code via crafted compressed data.
- CVE-2008-0847Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
- CVE-2008-0848Feb 21, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect.
- CVE-2008-0849Feb 21, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
- CVE-2008-0850Feb 21, 2008risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to…
- CVE-2008-0851Feb 21, 2008risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to…
- CVE-2008-0852Feb 21, 2008risk 0.03cvss —epss 0.06
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
- CVE-2008-0853Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
- CVE-2008-0854Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
- CVE-2008-0855Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
- CVE-2008-0856Feb 21, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-0857Feb 21, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
- CVE-2008-0858Feb 21, 2008risk 0.00cvss —epss 0.04
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.