| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0795 | 0.03 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||
| CVE-2008-0796 | 0.03 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter. | |||
| CVE-2008-0797 | 0.00 | — | 0.02 | Feb 15, 2008 | Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter. | |||
| CVE-2008-0798 | 0.03 | — | 0.02 | Feb 15, 2008 | Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date… | |||
| CVE-2008-0799 | 0.03 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action. | |||
| CVE-2008-0800 | 0.03 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action. | |||
| CVE-2008-0801 | 0.03 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | |||
| CVE-2008-0802 | 0.03 | — | 0.02 | Feb 15, 2008 | SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action. | |||
| CVE-2008-0803 | 0.06 | — | 0.33 | Feb 15, 2008 | Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5)… | |||
| CVE-2008-0526 | 0.00 | — | 0.02 | Feb 15, 2008 | Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. | |||
| CVE-2008-0527 | 0.00 | — | 0.02 | Feb 15, 2008 | The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request. | |||
| CVE-2008-0528 | 0.00 | — | 0.05 | Feb 15, 2008 | Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data. | |||
| CVE-2008-0529 | 0.00 | — | 0.05 | Feb 15, 2008 | Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command. | |||
| CVE-2008-0530 | 0.00 | — | 0.05 | Feb 15, 2008 | Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response. | |||
| CVE-2008-0531 | 0.00 | — | 0.03 | Feb 15, 2008 | Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message. | |||
| CVE-2008-0777 | 0.00 | — | 0.00 | Feb 15, 2008 | The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files. | |||
| CVE-2008-0789 | 0.00 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter. | |||
| CVE-2008-0790 | 0.03 | — | 0.03 | Feb 15, 2008 | Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||
| CVE-2008-0791 | 0.00 | — | 0.02 | Feb 15, 2008 | ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types. | |||
| CVE-2008-0792 | 0.00 | — | 0.02 | Feb 15, 2008 | Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive. | |||
| CVE-2008-0793 | 0.00 | — | 0.01 | Feb 15, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these… | |||
| CVE-2008-0794 | 0.03 | — | 0.02 | Feb 15, 2008 | Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. | |||
| CVE-2008-0642 | Med | 0.40 | 6.1 | 0.01 | Feb 15, 2008 | Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a… | ||
| CVE-2008-0787 | 0.03 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php. | |||
| CVE-2008-0788 | 0.00 | — | 0.01 | Feb 15, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the… | |||
| CVE-2008-0783 | 0.03 | — | 0.05 | Feb 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action… | |||
| CVE-2008-0784 | 0.00 | — | 0.02 | Feb 14, 2008 | graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors. | |||
| CVE-2008-0785 | 0.03 | — | 0.03 | Feb 14, 2008 | Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id… | |||
| CVE-2008-0786 | 0.00 | — | 0.02 | Feb 14, 2008 | CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2008-0780 | 0.00 | — | 0.02 | Feb 14, 2008 | Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action. | |||
| CVE-2008-0781 | 0.00 | — | 0.03 | Feb 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames. | |||
| CVE-2008-0782 | 0.04 | — | 0.15 | Feb 14, 2008 | Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks… | |||
| CVE-2008-0026 | 0.03 | — | 0.02 | Feb 14, 2008 | SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | |||
| CVE-2008-0778 | 0.04 | — | 0.09 | Feb 14, 2008 | Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3)… | |||
| CVE-2008-0779 | 0.00 | — | 0.00 | Feb 14, 2008 | The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request. | |||
| CVE-2008-0769 | 0.00 | — | 0.01 | Feb 14, 2008 | Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. | |||
| CVE-2008-0770 | 0.03 | — | 0.01 | Feb 14, 2008 | SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter. | |||
| CVE-2008-0771 | 0.00 | — | 0.01 | Feb 14, 2008 | Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-0772 | 0.03 | — | 0.01 | Feb 14, 2008 | SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task. | |||
| CVE-2008-0773 | 0.03 | — | 0.01 | Feb 14, 2008 | SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2008-0774 | 0.00 | — | 0.01 | Feb 14, 2008 | Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2008-0775 | 0.00 | — | 0.01 | Feb 14, 2008 | Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";". | |||
| CVE-2008-0776 | 0.03 | — | 0.01 | Feb 14, 2008 | SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||
| CVE-2008-0768 | 0.00 | — | 0.04 | Feb 13, 2008 | Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests. | |||
| CVE-2007-6148 | 0.01 | — | 0.08 | Feb 13, 2008 | Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests. | |||
| CVE-2007-6149 | 0.01 | — | 0.12 | Feb 13, 2008 | Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for… | |||
| CVE-2007-6431 | 0.00 | — | 0.05 | Feb 13, 2008 | Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149. | |||
| CVE-2007-6701 | 0.01 | — | 0.07 | Feb 13, 2008 | Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than… | |||
| CVE-2008-0639 | 0.02 | — | 0.23 | Feb 13, 2008 | Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than… | |||
| CVE-2008-0658 | 0.00 | — | 0.03 | Feb 13, 2008 | slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. |
- CVE-2008-0795Feb 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
- CVE-2008-0796Feb 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.
- CVE-2008-0797Feb 15, 2008risk 0.00cvss —epss 0.02
Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.
- CVE-2008-0798Feb 15, 2008risk 0.03cvss —epss 0.02
Multiple directory traversal vulnerabilities in artmedic webdesign weblog 1.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ta parameter to artmedic_index.php, reached through index.php; and the (2) date…
- CVE-2008-0799Feb 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
- CVE-2008-0800Feb 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
- CVE-2008-0801Feb 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.
- CVE-2008-0802Feb 15, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.
- CVE-2008-0803Feb 15, 2008risk 0.06cvss —epss 0.33
Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5)…
- CVE-2008-0526Feb 15, 2008risk 0.00cvss —epss 0.02
Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.
- CVE-2008-0527Feb 15, 2008risk 0.00cvss —epss 0.02
The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.
- CVE-2008-0528Feb 15, 2008risk 0.00cvss —epss 0.05
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.
- CVE-2008-0529Feb 15, 2008risk 0.00cvss —epss 0.05
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
- CVE-2008-0530Feb 15, 2008risk 0.00cvss —epss 0.05
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.
- CVE-2008-0531Feb 15, 2008risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.
- CVE-2008-0777Feb 15, 2008risk 0.00cvss —epss 0.00
The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files.
- CVE-2008-0789Feb 15, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter.
- CVE-2008-0790Feb 15, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- CVE-2008-0791Feb 15, 2008risk 0.00cvss —epss 0.02
ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.
- CVE-2008-0792Feb 15, 2008risk 0.00cvss —epss 0.02
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
- CVE-2008-0793Feb 15, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these…
- CVE-2008-0794Feb 15, 2008risk 0.03cvss —epss 0.02
Directory traversal vulnerability in user/header.php in Affiliate Market 0.1 BETA allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a…
- CVE-2008-0787Feb 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
- CVE-2008-0788Feb 15, 2008risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB 1.2.11 and earlier allow remote attackers to (1) hijack the authentication of moderators or administrators for requests that delete threads via a do_multideletethreads action to moderation.php and (2) hijack the…
- CVE-2008-0783Feb 14, 2008risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action…
- CVE-2008-0784Feb 14, 2008risk 0.00cvss —epss 0.02
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
- CVE-2008-0785Feb 14, 2008risk 0.03cvss —epss 0.03
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id…
- CVE-2008-0786Feb 14, 2008risk 0.00cvss —epss 0.02
CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
- CVE-2008-0780Feb 14, 2008risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.
- CVE-2008-0781Feb 14, 2008risk 0.00cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.
- CVE-2008-0782Feb 14, 2008risk 0.04cvss —epss 0.15
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks…
- CVE-2008-0026Feb 14, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
- CVE-2008-0778Feb 14, 2008risk 0.04cvss —epss 0.09
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3)…
- CVE-2008-0779Feb 14, 2008risk 0.00cvss —epss 0.00
The fortimon.sys device driver in Fortinet FortiClient Host Security 3.0 MR5 Patch 3 and earlier does not properly initialize its DeviceExtension, which allows local users to access kernel memory and execute arbitrary code via a crafted request.
- CVE-2008-0769Feb 14, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
- CVE-2008-0770Feb 14, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.
- CVE-2008-0771Feb 14, 2008risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
- CVE-2008-0772Feb 14, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
- CVE-2008-0773Feb 14, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-0774Feb 14, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel Reservation System 3.01 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the hotel_name parameter. NOTE: the provenance of this information is unknown; the details are…
- CVE-2008-0775Feb 14, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
- CVE-2008-0776Feb 14, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
- CVE-2008-0768Feb 13, 2008risk 0.00cvss —epss 0.04
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
- CVE-2007-6148Feb 13, 2008risk 0.01cvss —epss 0.08
Use-after-free vulnerability in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to execute arbitrary code via an unspecified sequence of Real Time Message Protocol (RTMP) requests.
- CVE-2007-6149Feb 13, 2008risk 0.01cvss —epss 0.12
Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for…
- CVE-2007-6431Feb 13, 2008risk 0.00cvss —epss 0.05
Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allows remote attackers to "take control of the affected system" via unspecified vectors, a different issue than CVE-2007-6148 and CVE-2007-6149.
- CVE-2007-6701Feb 13, 2008risk 0.01cvss —epss 0.07
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than…
- CVE-2008-0639Feb 13, 2008risk 0.02cvss —epss 0.23
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than…
- CVE-2008-0658Feb 13, 2008risk 0.00cvss —epss 0.03
slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698.