| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6690 | 0.00 | — | 0.02 | Jan 17, 2008 | The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors. | |||
| CVE-2007-6691 | 0.00 | — | 0.02 | Jan 17, 2008 | Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure… | |||
| CVE-2007-6692 | 0.00 | — | 0.02 | Jan 17, 2008 | Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules. | |||
| CVE-2007-6693 | 0.00 | — | 0.02 | Jan 17, 2008 | Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request." | |||
| CVE-2008-0302 | 0.00 | — | 0.01 | Jan 17, 2008 | Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. | |||
| CVE-2007-6681 | 0.04 | — | 0.17 | Jan 17, 2008 | Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | |||
| CVE-2007-6682 | 0.04 | — | 0.15 | Jan 17, 2008 | Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | |||
| CVE-2007-6683 | 0.00 | — | 0.03 | Jan 17, 2008 | The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | |||
| CVE-2007-6684 | 0.00 | — | 0.02 | Jan 17, 2008 | The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | |||
| CVE-2008-0081 | Cri | 0.71 | 9.8 | 0.58 | Jan 16, 2008 | Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. | ||
| CVE-2008-0297 | 0.03 | — | 0.03 | Jan 16, 2008 | PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. | |||
| CVE-2008-0298 | 0.03 | — | 0.03 | Jan 16, 2008 | KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | |||
| CVE-2008-0299 | 0.00 | — | 0.02 | Jan 16, 2008 | common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. | |||
| CVE-2008-0291 | 0.03 | — | 0.01 | Jan 16, 2008 | SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||
| CVE-2008-0292 | 0.00 | — | 0.01 | Jan 16, 2008 | Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2008-0293 | 0.00 | — | 0.01 | Jan 16, 2008 | Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. | |||
| CVE-2008-0294 | 0.00 | — | 0.01 | Jan 16, 2008 | Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. | |||
| CVE-2008-0295 | 0.00 | — | 0.11 | Jan 16, 2008 | Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description… | |||
| CVE-2008-0296 | 0.00 | — | 0.15 | Jan 16, 2008 | Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | |||
| CVE-2007-5655 | 0.00 | — | 0.06 | Jan 16, 2008 | TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers. | |||
| CVE-2007-5656 | 0.00 | — | 0.05 | Jan 16, 2008 | TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations… | |||
| CVE-2007-5657 | 0.00 | — | 0.06 | Jan 16, 2008 | TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets. | |||
| CVE-2007-5658 | 0.01 | — | 0.06 | Jan 16, 2008 | Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger… | |||
| CVE-2008-0032 | 0.00 | — | 0.04 | Jan 16, 2008 | Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. | |||
| CVE-2008-0033 | 0.00 | — | 0.05 | Jan 16, 2008 | Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. | |||
| CVE-2008-0036 | 0.00 | — | 0.05 | Jan 16, 2008 | Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | |||
| CVE-2008-0031 | 0.00 | — | 0.03 | Jan 16, 2008 | Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. | |||
| CVE-2008-0034 | 0.00 | — | 0.00 | Jan 16, 2008 | Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | |||
| CVE-2008-0035 | 0.00 | — | 0.05 | Jan 16, 2008 | Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that… | |||
| CVE-2008-0122 | 0.01 | — | 0.12 | Jan 16, 2008 | Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that… | |||
| CVE-2008-0216 | 0.00 | — | 0.00 | Jan 16, 2008 | The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. | |||
| CVE-2008-0217 | 0.00 | — | 0.00 | Jan 16, 2008 | The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. | |||
| CVE-2008-0287 | 0.03 | — | 0.02 | Jan 16, 2008 | PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. | |||
| CVE-2008-0288 | 0.03 | — | 0.01 | Jan 16, 2008 | Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id… | |||
| CVE-2008-0289 | 0.03 | — | 0.02 | Jan 16, 2008 | PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the… | |||
| CVE-2008-0290 | 0.03 | — | 0.01 | Jan 16, 2008 | Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the… | |||
| CVE-2008-0286 | 0.03 | — | 0.01 | Jan 16, 2008 | SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. | |||
| CVE-2008-0285 | 0.00 | — | 0.02 | Jan 16, 2008 | ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. | |||
| CVE-2008-0280 | 0.03 | — | 0.01 | Jan 15, 2008 | SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. | |||
| CVE-2008-0281 | 0.03 | — | 0.01 | Jan 15, 2008 | SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. | |||
| CVE-2008-0282 | 0.03 | — | 0.01 | Jan 15, 2008 | SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter. | |||
| CVE-2008-0283 | 0.03 | — | 0.02 | Jan 15, 2008 | PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||
| CVE-2008-0284 | 0.00 | — | 0.01 | Jan 15, 2008 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. | |||
| CVE-2008-0001 | 0.00 | — | 0.00 | Jan 15, 2008 | VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. | |||
| CVE-2008-0173 | 0.00 | — | 0.02 | Jan 15, 2008 | SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. | |||
| CVE-2008-0253 | 0.03 | — | 0.01 | Jan 15, 2008 | SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. | |||
| CVE-2008-0254 | 0.03 | — | 0.01 | Jan 15, 2008 | SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. | |||
| CVE-2008-0255 | 0.03 | — | 0.02 | Jan 15, 2008 | SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||
| CVE-2008-0256 | 0.03 | — | 0.01 | Jan 15, 2008 | Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. | |||
| CVE-2008-0257 | 0.00 | — | 0.01 | Jan 15, 2008 | Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
- CVE-2007-6690Jan 17, 2008risk 0.00cvss —epss 0.02
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
- CVE-2007-6691Jan 17, 2008risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure…
- CVE-2007-6692Jan 17, 2008risk 0.00cvss —epss 0.02
Open redirect vulnerability in Menalto Gallery before 2.2.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) Core and (2) print modules.
- CVE-2007-6693Jan 17, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
- CVE-2008-0302Jan 17, 2008risk 0.00cvss —epss 0.01
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
- CVE-2007-6681Jan 17, 2008risk 0.04cvss —epss 0.17
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
- CVE-2007-6682Jan 17, 2008risk 0.04cvss —epss 0.15
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
- CVE-2007-6683Jan 17, 2008risk 0.00cvss —epss 0.03
The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
- CVE-2007-6684Jan 17, 2008risk 0.00cvss —epss 0.02
The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.
- risk 0.71cvss 9.8epss 0.58
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
- CVE-2008-0297Jan 16, 2008risk 0.03cvss —epss 0.03
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
- CVE-2008-0298Jan 16, 2008risk 0.03cvss —epss 0.03
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
- CVE-2008-0299Jan 16, 2008risk 0.00cvss —epss 0.02
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
- CVE-2008-0291Jan 16, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.
- CVE-2008-0292Jan 16, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2008-0293Jan 16, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.
- CVE-2008-0294Jan 16, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.
- CVE-2008-0295Jan 16, 2008risk 0.00cvss —epss 0.11
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description…
- CVE-2008-0296Jan 16, 2008risk 0.00cvss —epss 0.15
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
- CVE-2007-5655Jan 16, 2008risk 0.00cvss —epss 0.06
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
- CVE-2007-5656Jan 16, 2008risk 0.00cvss —epss 0.05
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations…
- CVE-2007-5657Jan 16, 2008risk 0.00cvss —epss 0.06
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
- CVE-2007-5658Jan 16, 2008risk 0.01cvss —epss 0.06
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger…
- CVE-2008-0032Jan 16, 2008risk 0.00cvss —epss 0.04
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
- CVE-2008-0033Jan 16, 2008risk 0.00cvss —epss 0.05
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
- CVE-2008-0036Jan 16, 2008risk 0.00cvss —epss 0.05
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
- CVE-2008-0031Jan 16, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
- CVE-2008-0034Jan 16, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.
- CVE-2008-0035Jan 16, 2008risk 0.00cvss —epss 0.05
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that…
- CVE-2008-0122Jan 16, 2008risk 0.01cvss —epss 0.12
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that…
- CVE-2008-0216Jan 16, 2008risk 0.00cvss —epss 0.00
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.
- CVE-2008-0217Jan 16, 2008risk 0.00cvss —epss 0.00
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.
- CVE-2008-0287Jan 16, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.
- CVE-2008-0288Jan 16, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id…
- CVE-2008-0289Jan 16, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the…
- CVE-2008-0290Jan 16, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the…
- CVE-2008-0286Jan 16, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.
- CVE-2008-0285Jan 16, 2008risk 0.00cvss —epss 0.02
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.
- CVE-2008-0280Jan 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.
- CVE-2008-0281Jan 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
- CVE-2008-0282Jan 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.
- CVE-2008-0283Jan 15, 2008risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
- CVE-2008-0284Jan 15, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.
- CVE-2008-0001Jan 15, 2008risk 0.00cvss —epss 0.00
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.
- CVE-2008-0173Jan 15, 2008risk 0.00cvss —epss 0.02
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
- CVE-2008-0253Jan 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
- CVE-2008-0254Jan 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.
- CVE-2008-0255Jan 15, 2008risk 0.03cvss —epss 0.02
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
- CVE-2008-0256Jan 15, 2008risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
- CVE-2008-0257Jan 15, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…