ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2008-4000 | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edward... | | |
CVE-2008-4001 | Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterpr... | | |
CVE-2008-4002 | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edward... | | |
CVE-2008-4003 | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edward... | | |
CVE-2008-4004 | Unspecified vulnerability in the JDE EnterpriseOne Business Service Server component in Oracle Peopl... | | |
CVE-2008-4005 | Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 al... | | |
CVE-2008-4006 | Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 all... | | |
CVE-2008-4007 | Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Ent... | | |
CVE-2008-4008 | Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 1... | | |
CVE-2008-4009 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configurin... | | |
CVE-2008-4010 | Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 M... | | |
CVE-2008-4011 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9... | | |
CVE-2008-4012 | Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows ... | S | |
CVE-2008-4013 | Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9... | | |
CVE-2008-4014 | Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server ... | | |
CVE-2008-4015 | Unspecified vulnerability in the Oracle Streams component in Oracle Database 10.1.0.5 allows remote ... | | |
CVE-2008-4016 | Unspecified vulnerability in the Collaborative Workspaces component in Oracle Collaboration Suite 10... | | |
CVE-2008-4017 | Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote ... | | |
CVE-2008-4018 | swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to c... | | |
CVE-2008-4019 | Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2... | S | |
CVE-2008-4020 | Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to injec... | S | |
CVE-2008-4021 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4022 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4023 | Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2... | S | |
CVE-2008-4024 | Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execut... | | |
CVE-2008-4025 | Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlo... | | |
CVE-2008-4026 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and... | | |
CVE-2008-4027 | Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and S... | | |
CVE-2008-4028 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1... | | |
CVE-2008-4029 | Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer,... | S | |
CVE-2008-4030 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1... | | |
CVE-2008-4031 | Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1... | | |
CVE-2008-4032 | Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properl... | | |
CVE-2008-4033 | Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expr... | S | |
CVE-2008-4034 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4035 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4036 | Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vis... | S | |
CVE-2008-4037 | Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold an... | E S | |
CVE-2008-4038 | Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ... | S | |
CVE-2008-4039 | SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arb... | E | |
CVE-2008-4040 | Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote a... | E | |
CVE-2008-4041 | The IMAP server in Softalk Mail Server (formerly WorkgroupMail) 8.5.1.431 allows remote authenticate... | | |
CVE-2008-4042 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3889. Reason: This candida... | R | |
CVE-2008-4043 | Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute a... | E | |
CVE-2008-4044 | SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allow... | E | |
CVE-2008-4045 | Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject a... | | |
CVE-2008-4046 | SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrar... | E | |
CVE-2008-4047 | Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 all... | S | |
CVE-2008-4048 | Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Techn... | E | |
CVE-2008-4049 | A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3... | E | |
CVE-2008-4050 | A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3... | E | |
CVE-2008-4051 | Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote atta... | E | |
CVE-2008-4052 | Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 a... | S | |
CVE-2008-4053 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3... | E | |
CVE-2008-4054 | SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers t... | E | |
CVE-2008-4055 | SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows... | E | |
CVE-2008-4056 | Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote ... | E | |
CVE-2008-4057 | Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attac... | | |
CVE-2008-4058 | The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before ... | | |
CVE-2008-4059 | The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNa... | S | |
CVE-2008-4060 | Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey bef... | S | |
CVE-2008-4061 | Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Th... | S | |
CVE-2008-4062 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunde... | | |
CVE-2008-4063 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to c... | | |
CVE-2008-4064 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to c... | | |
CVE-2008-4065 | Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey bef... | E | |
CVE-2008-4066 | Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cros... | E | |
CVE-2008-4067 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbi... | E | |
CVE-2008-4068 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbi... | | |
CVE-2008-4069 | The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attacke... | | |
CVE-2008-4070 | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows... | E S | |
CVE-2008-4071 | A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Ex... | E | |
CVE-2008-4072 | Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute... | E | |
CVE-2008-4073 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers ... | E | |
CVE-2008-4074 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers ... | E | |
CVE-2008-4075 | Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to ... | E | |
CVE-2008-4076 | Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS ... | S | |
CVE-2008-4077 | The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow re... | S | |
CVE-2008-4078 | SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 an... | S | |
CVE-2008-4079 | Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier... | S | |
CVE-2008-4080 | SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attacke... | E | |
CVE-2008-4081 | admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrat... | E | |
CVE-2008-4082 | SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, al... | E | |
CVE-2008-4083 | Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authentic... | E | |
CVE-2008-4084 | SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3... | E | |
CVE-2008-4085 | plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on ... | S | |
CVE-2008-4086 | SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to ... | E | |
CVE-2008-4087 | Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to c... | E | |
CVE-2008-4088 | SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attacker... | E | |
CVE-2008-4089 | Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows re... | E | |
CVE-2008-4090 | SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute... | E | |
CVE-2008-4091 | SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to ex... | E | |
CVE-2008-4092 | SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote a... | E | |
CVE-2008-4093 | SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc... | E | |
CVE-2008-4094 | Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execu... | E S | |
CVE-2008-4095 | Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impac... | | |
CVE-2008-4096 | libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users... | E S | |
CVE-2008-4097 | MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyI... | | |
CVE-2008-4098 | MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on... | S | |
CVE-2008-4099 | PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transa... | E | |
CVE-2008-4100 | GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, w... | E | |
CVE-2008-4101 | Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted a... | E S | |
CVE-2008-4102 | Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attacker... | | |
CVE-2008-4103 | The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without vali... | | |
CVE-2008-4104 | Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirec... | | |
CVE-2008-4105 | JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar... | | |
CVE-2008-4106 | WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings t... | E S | |
CVE-2008-4107 | The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random n... | | |
CVE-2008-4108 | Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow loc... | | |
CVE-2008-4109 | A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and... | S | |
CVE-2008-4110 | Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Micros... | E | |
CVE-2008-4111 | Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) ... | S | |
CVE-2008-4112 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3195. Reason: This candida... | R | |
CVE-2008-4113 | The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Prot... | E | |
CVE-2008-4114 | srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2... | E | |
CVE-2008-4115 | TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to i... | E | |
CVE-2008-4116 | Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of... | E | |
CVE-2008-4117 | Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and... | S | |
CVE-2008-4118 | Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers t... | S | |
CVE-2008-4119 | Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11... | | |
CVE-2008-4120 | Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inj... | | |
CVE-2008-4121 | Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce before 1.2.4 allow remote attacker... | E | |
CVE-2008-4122 | Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes i... | | |
CVE-2008-4125 | The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, whic... | | |
CVE-2008-4126 | PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS r... | | |
CVE-2008-4127 | Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta 8.0.6001 on Windows XP SP2 allo... | | |
CVE-2008-4128 | Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in C... | E | |
CVE-2008-4129 | Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symboli... | S | |
CVE-2008-4130 | Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 allows remote attackers to inje... | S | |
CVE-2008-4131 | Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privilege... | S | |
CVE-2008-4132 | Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid... | E | |
CVE-2008-4133 | The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter ... | | |
CVE-2008-4134 | PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, an... | E | |
CVE-2008-4135 | Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 Ra-6 and Nseries N82 allows remot... | E | |
CVE-2008-4136 | Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of se... | E | |
CVE-2008-4137 | PHP remote file inclusion vulnerability in footer.php in PHP-Crawler 0.8 allows remote attackers to ... | E | |
CVE-2008-4138 | PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in... | E | |
CVE-2008-4139 | Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remo... | E | |
CVE-2008-4140 | Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to i... | E | |
CVE-2008-4141 | Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow ... | E | |
CVE-2008-4142 | SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary... | E | |
CVE-2008-4143 | SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote atta... | E | |
CVE-2008-4144 | SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attacker... | E | |
CVE-2008-4145 | SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_qu... | E | |
CVE-2008-4146 | Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modi... | E | |
CVE-2008-4147 | Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.... | S | |
CVE-2008-4148 | SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a m... | S | |
CVE-2008-4149 | Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to Us module 5.x before 5.x-1.1 f... | S | |
CVE-2008-4150 | SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to e... | E | |
CVE-2008-4151 | Directory traversal vulnerability in collect.php in CYASK 3.x allows remote attackers to read arbitr... | E | |
CVE-2008-4152 | Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.... | S | |
CVE-2008-4153 | The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform acc... | S | |
CVE-2008-4154 | SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary ... | E | |
CVE-2008-4155 | Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrar... | E | |
CVE-2008-4156 | SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gp... | E | |
CVE-2008-4157 | SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to exe... | E | |
CVE-2008-4158 | Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attacke... | E | |
CVE-2008-4159 | SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite allows remote attacker... | E | |
CVE-2008-4160 | Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local... | | |
CVE-2008-4161 | SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute ar... | E | |
CVE-2008-4162 | Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users... | | |
CVE-2008-4163 | Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows re... | | |
CVE-2008-4164 | cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information v... | E | |
CVE-2008-4165 | admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET req... | S | |
CVE-2008-4166 | Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote at... | E | |
CVE-2008-4167 | useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authent... | E | |
CVE-2008-4168 | Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote a... | | |
CVE-2008-4169 | SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote att... | E | |
CVE-2008-4170 | create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information v... | | |
CVE-2008-4171 | SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x ... | S | |
CVE-2008-4172 | SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote at... | E | |
CVE-2008-4173 | SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL ... | E | |
CVE-2008-4174 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dynamic MP3 Lister 2.0.1 allow r... | | |
CVE-2008-4175 | Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbi... | E | |
CVE-2008-4176 | SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to exe... | E | |
CVE-2008-4177 | SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to exe... | E | |
CVE-2008-4178 | SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder P... | E | |
CVE-2008-4179 | Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow remote attackers to inject ar... | | |
CVE-2008-4180 | Unspecified vulnerability in db.php in NooMS 1.1 allows remote attackers to conduct brute force atta... | | |
CVE-2008-4181 | Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module bef... | E S | |
CVE-2008-4182 | Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and... | | |
CVE-2008-4183 | IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, w... | E | |
CVE-2008-4184 | Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal Edition allows remote attacke... | | |
CVE-2008-4185 | SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute... | E | |
CVE-2008-4186 | SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute... | | |
CVE-2008-4187 | Directory traversal vulnerability in index.php in ProActive CMS allows remote attackers to read arbi... | E | |
CVE-2008-4188 | Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows re... | S | |
CVE-2008-4189 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1105. Reason: This candida... | R | |
CVE-2008-4190 | The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users... | E S | |
CVE-2008-4191 | extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlin... | | |
CVE-2008-4192 | The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users ... | | |
CVE-2008-4193 | Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allow... | E | |
CVE-2008-4194 | The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to ca... | | |
CVE-2008-4195 | Opera before 9.52 does not properly restrict the ability of a framed web page to change the address ... | | |
CVE-2008-4196 | Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows remote attackers to inject arbi... | S | |
CVE-2008-4197 | Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu ... | | |
CVE-2008-4198 | Opera before 9.52, when rendering an http page that has loaded an https page into a frame, displays ... | | |
CVE-2008-4199 | Opera before 9.52 does not prevent use of links from web pages to feed source files on the local dis... | | |
CVE-2008-4200 | Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual... | S | |
CVE-2008-4201 | Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlie... | E | |
CVE-2008-4202 | SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to ex... | E | |
CVE-2008-4203 | SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to ... | E | |
CVE-2008-4204 | SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote att... | E | |
CVE-2008-4205 | SQL injection vulnerability in search.php in Attachmax Dolphin 2.1.0 and earlier allows remote attacker... | E | |
CVE-2008-4206 | PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when r... | E | |
CVE-2008-4207 | Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php in the main folder, which all... | E | |
CVE-2008-4208 | Unspecified vulnerability in OSADS Alliance Database before 2.1 has unknown impact and attack vector... | | |
CVE-2008-4210 | fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when ther... | E | |
CVE-2008-4211 | Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iP... | S | |
CVE-2008-4212 | Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies ... | S | |
CVE-2008-4214 | Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to caus... | S | |
CVE-2008-4215 | Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting a... | S | |
CVE-2008-4216 | The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing ... | | |
CVE-2008-4217 | Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute a... | | |
CVE-2008-4218 | Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow lo... | | |
CVE-2008-4219 | The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite... | | |
CVE-2008-4220 | Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows contex... | | |
CVE-2008-4221 | The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to ... | | |
CVE-2008-4222 | natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remot... | | |
CVE-2008-4223 | Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authenticati... | | |
CVE-2008-4224 | UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (sys... | | |
CVE-2008-4225 | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers... | S | |
CVE-2008-4226 | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attacke... | S | |
CVE-2008-4227 | Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption ... | | |
CVE-2008-4228 | The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 throug... | | |
CVE-2008-4229 | Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPo... | | |
CVE-2008-4230 | The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 throug... | | |
CVE-2008-4231 | Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not prop... | | |
CVE-2008-4232 | Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not rest... | | |
CVE-2008-4233 | Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isol... | | |
CVE-2008-4234 | Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 bef... | | |
CVE-2008-4236 | Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a de... | | |
CVE-2008-4237 | Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-... | | |
CVE-2008-4241 | SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute ar... | E | |
CVE-2008-4242 | ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote ... | E | |
CVE-2008-4243 | Directory traversal vulnerability in ImageServer (aka UTImageServer) in WebAdmin before 1.7 for Epic... | E S | |
CVE-2008-4244 | Rianxosencabos CMS 0.9 allows remote attackers to bypass authentication and gain administrative acce... | E | |
CVE-2008-4245 | The Admin Control Panel in Rianxosencabos CMS 0.9 does not require administrator privileges, which a... | E | |
CVE-2008-4246 | Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 allows remote IRC servers to cause... | S | |
CVE-2008-4247 | ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interpre... | E | |
CVE-2008-4248 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4249 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4250 | The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gol... | E S | |
CVE-2008-4251 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4252 | The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and... | | |
CVE-2008-4253 | The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP... | | |
CVE-2008-4254 | Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft ... | | |
CVE-2008-4255 | Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animatio... | E S | |
CVE-2008-4256 | The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, ... | | |
CVE-2008-4257 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4258 | Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to... | | |
CVE-2008-4259 | Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which all... | | |
CVE-2008-4260 | Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote att... | | |
CVE-2008-4261 | Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on... | | |
CVE-2008-4262 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4263 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4264 | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold a... | | |
CVE-2008-4265 | Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Exce... | | |
CVE-2008-4266 | Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2... | | |
CVE-2008-4267 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4268 | The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not proper... | | |
CVE-2008-4269 | The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Serve... | | |
CVE-2008-4270 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5416. Reason: This candida... | R | |
CVE-2008-4271 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4272 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4273 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4274 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4275 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4276 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4277 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4278 | VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows displays a user's password in clear... | S | |
CVE-2008-4279 | The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0... | S | |
CVE-2008-4281 | Directory traversal vulnerability in VMware ESXi 3.5 before ESXe350-200810401-O-UG and ESX 3.5 befor... | S | |
CVE-2008-4283 | CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS)... | | |
CVE-2008-4284 | Open redirect vulnerability in the ibm_security_logout servlet in IBM WebSphere Application Server (... | S | |
CVE-2008-4285 | Unspecified vulnerability in the Performance Monitoring Infrastructure (PMI) feature in the Servlet ... | S | |
CVE-2008-4292 | Opera before 9.52 does not check the CRL override upon encountering a certificate that lacks a CRL, ... | | |
CVE-2008-4293 | Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, al... | | |
CVE-2008-4294 | IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which al... | S | |
CVE-2008-4295 | Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the f... | E | |
CVE-2008-4296 | The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its default password for the "admin" ... | | |
CVE-2008-4297 | Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from h... | | |
CVE-2008-4298 | Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote ... | S | |
CVE-2008-4299 | A certain ActiveX control in the Microsoft Internet Authentication Service (IAS) Helper COM Componen... | | |
CVE-2008-4300 | A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remo... | E | |
CVE-2008-4301 | A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remo... | E | |
CVE-2008-4302 | fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a f... | E S | |
CVE-2008-4303 | Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers... | | |
CVE-2008-4304 | general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary comm... | | |
CVE-2008-4305 | Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allow... | | |
CVE-2008-4306 | Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to ... | | |
CVE-2008-4307 | Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows lo... | | |
CVE-2008-4308 | The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a... | E S | |
CVE-2008-4309 | Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 ... | | |
CVE-2008-4310 | httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows... | | |
CVE-2008-4311 | The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attrib... | | |
CVE-2008-4312 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2008-4313 | A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the P... | S | |
CVE-2008-4314 | smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a... | | |
CVE-2008-4315 | tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10... | | |
CVE-2008-4316 | Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers t... | S | |
CVE-2008-4317 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-5019. Reason: This candida... | R | |
CVE-2008-4318 | Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacha... | E | |
CVE-2008-4319 | fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote atta... | E | |
CVE-2008-4320 | Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.5.94 allow remote attackers ... | E S | |
CVE-2008-4321 | Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary... | E | |
CVE-2008-4322 | Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATA... | E | |
CVE-2008-4323 | Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of ser... | E | |
CVE-2008-4324 | The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attacke... | E | |
CVE-2008-4325 | lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Ty... | S | |
CVE-2008-4326 | The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when I... | E | |
CVE-2008-4327 | gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly handle crafted .ico files, which a... | E | |
CVE-2008-4328 | SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to exe... | E | |
CVE-2008-4329 | PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and ear... | E | |
CVE-2008-4330 | Directory traversal vulnerability in index.php in LanSuite 3.3.2 allows remote attackers to include ... | E | |
CVE-2008-4331 | Directory traversal vulnerability in library/pagefunctions.inc.php in phpOCS 0.1 beta3 and earlier a... | E | |
CVE-2008-4332 | SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allo... | E | |
CVE-2008-4333 | Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus allows remote attackers to inject... | E | |
CVE-2008-4334 | PHP infoBoard V.7 Plus allows remote attackers to bypass authentication and gain administrative acce... | E | |
CVE-2008-4335 | SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attacke... | E | |
CVE-2008-4336 | Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows r... | E | |
CVE-2008-4337 | Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitr... | | |
CVE-2008-4338 | SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save... | E | |
CVE-2008-4339 | Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Serve... | S | |
CVE-2008-4340 | Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory... | E | |
CVE-2008-4341 | add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain admini... | E | |
CVE-2008-4342 | NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C a... | E | |
CVE-2008-4343 | The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows re... | E | |
CVE-2008-4344 | SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL... | E | |
CVE-2008-4345 | SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attacke... | E | |
CVE-2008-4346 | Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include a... | E | |
CVE-2008-4347 | SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute ar... | E | |
CVE-2008-4348 | SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to ex... | E | |
CVE-2008-4349 | Multiple cross-site scripting (XSS) vulnerabilities in news.php in s0nic Paranews 3.4 allow remote a... | E | |
CVE-2008-4350 | SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote att... | E | |
CVE-2008-4351 | Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include... | E | |
CVE-2008-4352 | SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers ... | E | |
CVE-2008-4353 | SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQ... | E | |
CVE-2008-4354 | SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attac... | E | |
CVE-2008-4355 | SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 ... | E | |
CVE-2008-4356 | Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to exe... | E | |
CVE-2008-4357 | SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arb... | E | |
CVE-2008-4358 | Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unk... | S | |
CVE-2008-4359 | lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configu... | S | |
CVE-2008-4360 | mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is use... | S | |
CVE-2008-4361 | Directory traversal vulnerability in PowerPortal 2.0.13 allows remote attackers to list and possibly... | E | |
CVE-2008-4362 | The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 allows local users to cause a den... | E | |
CVE-2008-4363 | DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a denial of service (system crash... | E | |
CVE-2008-4364 | SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to e... | E | |
CVE-2008-4365 | Cross-site scripting (XSS) vulnerability in search.php in Siteman 1.1.11 and earlier allows remote a... | | |
CVE-2008-4366 | Unrestricted file upload vulnerability in the image upload component in Camera Life 2.6.2b4 allows r... | E | |
CVE-2008-4368 | The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction po... | | |
CVE-2008-4369 | SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execut... | E | |
CVE-2008-4370 | Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attacker... | E | |
CVE-2008-4371 | SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to... | E | |
CVE-2008-4372 | Cross-site scripting (XSS) vulnerability in articles.php in AvailScript Article Script allows remote... | E | |
CVE-2008-4373 | SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remot... | E | |
CVE-2008-4374 | SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQ... | E | |
CVE-2008-4375 | SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attacke... | E | |
CVE-2008-4376 | SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitr... | E | |
CVE-2008-4377 | SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to... | E | |
CVE-2008-4378 | SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows re... | E | |
CVE-2008-4379 | Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earl... | E | |
CVE-2008-4380 | The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash... | E | |
CVE-2008-4381 | Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application cras... | | |
CVE-2008-4382 | Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via ... | | |
CVE-2008-4383 | Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitc... | | |
CVE-2008-4384 | Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as a... | | |
CVE-2008-4385 | Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers... | | |
CVE-2008-4387 | Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows r... | | |
CVE-2008-4388 | The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x be... | S | |
CVE-2008-4389 | Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x before 6.1 SP4 do not properly... | | |
CVE-2008-4390 | The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration d... | S | |
CVE-2008-4391 | Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in N... | S | |
CVE-2008-4392 | dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS que... | S | |
CVE-2008-4393 | Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 an... | E S | |
CVE-2008-4394 | Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working... | | |
CVE-2008-4395 | Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attac... | | |
CVE-2008-4396 | Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly ot... | | |
CVE-2008-4397 | Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly... | S | |
CVE-2008-4398 | Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly ... | S | |
CVE-2008-4399 | Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (forme... | S | |
CVE-2008-4400 | Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup)... | S | |
CVE-2008-4401 | ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjun... | S | |
CVE-2008-4402 | Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before buil... | S | |
CVE-2008-4403 | The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch ... | | |
CVE-2008-4404 | The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate t... | | |
CVE-2008-4405 | xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree,... | E | |
CVE-2008-4406 | A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete... | | |
CVE-2008-4407 | XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create /tmp/sabre.log, which allows ... | | |
CVE-2008-4408 | Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions be... | | |
CVE-2008-4409 | libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, whic... | E | |
CVE-2008-4410 | The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) ... | | |
CVE-2008-4411 | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on... | S | |
CVE-2008-4412 | Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) al... | | |
CVE-2008-4413 | Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 and earlier on HP-UX B.11.11 ... | | |
CVE-2008-4414 | Unspecified vulnerability in the AdvFS showfile command in HP Tru64 UNIX 5.1B-3 and 5.1B-4 allows lo... | S | |
CVE-2008-4415 | Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated us... | | |
CVE-2008-4416 | Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of ... | | |
CVE-2008-4417 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4418 | Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers t... | | |
CVE-2008-4419 | Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE... | | |
CVE-2008-4420 | Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL be... | E S | |
CVE-2008-4421 | Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably other versions before 1.0.3.38... | E S | |
CVE-2008-4422 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-4409. Reason: This candida... | R | |
CVE-2008-4423 | SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbit... | E | |
CVE-2008-4424 | Cross-site scripting (XSS) vulnerability in index.php in Domain Group Network GooCMS 1.02 allows rem... | | |
CVE-2008-4425 | Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1... | E | |
CVE-2008-4426 | Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (... | E | |
CVE-2008-4427 | changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not requi... | E | |
CVE-2008-4428 | Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pP... | E | |
CVE-2008-4429 | Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security ... | | |
CVE-2008-4430 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3699. Reason: This candida... | R | |
CVE-2008-4431 | SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to e... | | |
CVE-2008-4432 | Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops a... | E | |
CVE-2008-4433 | SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow re... | | |
CVE-2008-4434 | Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 bu... | | |
CVE-2008-4435 | Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 a... | E | |
CVE-2008-4436 | SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers... | E | |
CVE-2008-4437 | Directory traversal vulnerability in importxml.pl in Bugzilla before 2.22.5, and 3.x before 3.0.5, w... | E S | |
CVE-2008-4438 | Cross-site scripting (XSS) vulnerability in search.php in Datafeed Studio 1.6.2 allows remote attack... | | |
CVE-2008-4439 | PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before ... | E | |
CVE-2008-4440 | The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink o... | | |
CVE-2008-4441 | The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 8... | | |
CVE-2008-4444 | Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other... | | |
CVE-2008-4445 | The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (... | E | |
CVE-2008-4446 | Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attack... | | |
CVE-2008-4447 | Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.1... | E | |
CVE-2008-4448 | Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShel... | E | |
CVE-2008-4449 | Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a lon... | E | |
CVE-2008-4450 | Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attac... | | |
CVE-2008-4451 | The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 ... | E | |
CVE-2008-4452 | Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a ... | E | |
CVE-2008-4453 | The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) ... | E S | |
CVE-2008-4454 | Directory traversal vulnerability in EKINdesigns MySQL Quick Admin 1.5.5 allows remote attackers to ... | | |
CVE-2008-4455 | Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, w... | E | |
CVE-2008-4456 | Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, ... | E | |
CVE-2008-4457 | SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_... | E S | |
CVE-2008-4458 | SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote at... | E | |
CVE-2008-4459 | SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows rem... | E | |
CVE-2008-4460 | SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to exec... | E | |
CVE-2008-4461 | SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.... | E | |
CVE-2008-4462 | SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to e... | E | |
CVE-2008-4463 | SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to e... | E | |
CVE-2008-4464 | SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to ex... | E | |
CVE-2008-4465 | SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to ex... | E | |
CVE-2008-4466 | SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote a... | E | |
CVE-2008-4467 | SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attacke... | E | |
CVE-2008-4468 | SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to ... | E | |
CVE-2008-4469 | SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attack... | E | |
CVE-2008-4470 | Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial ... | E | |
CVE-2008-4471 | Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX contr... | E | |
CVE-2008-4472 | The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revi... | E | |
CVE-2008-4473 | Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 al... | | |
CVE-2008-4474 | freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a sym... | | |
CVE-2008-4475 | ibackup 2.27 allows local users to overwrite arbitrary files via a symlink attack on temporary files... | | |
CVE-2008-4476 | sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the ... | | |
CVE-2008-4477 | alert.d/test.alert in mon 0.99.2 allows local users to overwrite arbitrary files via a symlink attac... | | |
CVE-2008-4478 | Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3... | S | |
CVE-2008-4479 | Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.... | S | |
CVE-2008-4480 | Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.... | S | |
CVE-2008-4481 | Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier allows remote attackers to inj... | S | |
CVE-2008-4482 | The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of se... | E S | |
CVE-2008-4483 | Directory traversal vulnerability in index.php in Crux Gallery 1.32 and earlier, when magic_quotes_g... | E | |
CVE-2008-4484 | main.php in Crux Gallery 1.32 and earlier allows remote attackers to gain administrative access by s... | E | |
CVE-2008-4485 | Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS ... | | |
CVE-2008-4486 | Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier... | E | |
CVE-2008-4487 | SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute a... | | |
CVE-2008-4488 | Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attacker... | | |
CVE-2008-4489 | Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to inc... | | |
CVE-2008-4490 | Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b and earlier, when magic_quote... | E | |
CVE-2008-4491 | Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft c... | | |
CVE-2008-4492 | SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute ar... | E | |
CVE-2008-4493 | Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image... | E | |
CVE-2008-4494 | SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earl... | E | |
CVE-2008-4495 | SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execut... | E | |
CVE-2008-4496 | SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute ar... | E | |
CVE-2008-4497 | SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote a... | E | |
CVE-2008-4498 | SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execu... | E | |
CVE-2008-4499 | Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote atta... | | |
CVE-2008-4500 | Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to cause a denial o... | E | |
CVE-2008-4501 | Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1... | E | |
CVE-2008-4502 | Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow rem... | E | |
CVE-2008-4503 | The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause vi... | S | |
CVE-2008-4504 | Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assiste... | | |
CVE-2008-4505 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers ... | | |
CVE-2008-4506 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager... | | |
CVE-2008-4507 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to dele... | | |
CVE-2008-4508 | Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibl... | E | |
CVE-2008-4509 | Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Pu... | E | |
CVE-2008-4510 | Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a deni... | E | |
CVE-2008-4511 | Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insuffic... | | |
CVE-2008-4512 | ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficien... | | |
CVE-2008-4513 | Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attacker... | E | |
CVE-2008-4514 | The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (applica... | E | |
CVE-2008-4515 | Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism,... | | |
CVE-2008-4516 | SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitra... | E | |
CVE-2008-4517 | SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitr... | E | |
CVE-2008-4518 | Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attack... | E | |
CVE-2008-4519 | Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to i... | E | |
CVE-2008-4520 | Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote ... | S | |
CVE-2008-4521 | SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidt... | E | |
CVE-2008-4522 | Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script all... | E | |
CVE-2008-4523 | SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execut... | E | |
CVE-2008-4524 | SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite a... | E S | |
CVE-2008-4525 | SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitra... | | |
CVE-2008-4526 | Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execu... | E | |
CVE-2008-4527 | SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows ... | E | |
CVE-2008-4528 | Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.... | E | |
CVE-2008-4529 | Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to e... | E | |
CVE-2008-4530 | Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupa... | S | |
CVE-2008-4531 | SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows rem... | S | |
CVE-2008-4532 | Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote ... | | |
CVE-2008-4533 | Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attacker... | S | |
CVE-2008-4534 | SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, a... | S | |
CVE-2008-4535 | Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2... | S | |
CVE-2008-4536 | Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and... | S | |
CVE-2008-4537 | Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and... | S | |
CVE-2008-4539 | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on... | | |
CVE-2008-4540 | Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mecha... | | |
CVE-2008-4541 | Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.... | | |
CVE-2008-4542 | Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES5... | | |
CVE-2008-4543 | Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anon... | | |
CVE-2008-4544 | Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other... | | |
CVE-2008-4545 | Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permis... | | |
CVE-2008-4546 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, al... | E | |
CVE-2008-4547 | Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS... | E | |
CVE-2008-4548 | Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.... | E | |
CVE-2008-4549 | The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly... | E | |
CVE-2008-4551 | strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via... | | |
CVE-2008-4552 | The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the h... | S | |
CVE-2008-4553 | qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary ... | E | |
CVE-2008-4554 | The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file de... | | |
CVE-2008-4555 | Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2... | E S | |
CVE-2008-4556 | Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on ... | E | |
CVE-2008-4557 | plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote a... | E | |
CVE-2008-4558 | Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory an... | E | |
CVE-2008-4559 | HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute ar... | S | |
CVE-2008-4560 | HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to obtain sen... | S | |
CVE-2008-4562 | Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51,... | | |
CVE-2008-4563 | Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the back... | S | |
CVE-2008-4564 | Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IB... | | |
CVE-2008-4569 | SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows... | E | |
CVE-2008-4570 | SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execu... | E | |
CVE-2008-4571 | Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remot... | E S | |
CVE-2008-4572 | GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of servic... | E | |
CVE-2008-4573 | SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to e... | E | |
CVE-2008-4574 | SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute a... | E | |
CVE-2008-4575 | Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attacke... | E S | |
CVE-2008-4576 | sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) vi... | | |
CVE-2008-4577 | The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access ... | | |
CVE-2008-4578 | The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by us... | S | |
CVE-2008-4579 | The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) ... | | |
CVE-2008-4580 | fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary ... | | |
CVE-2008-4581 | The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote... | | |
CVE-2008-4582 | Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, w... | | |
CVE-2008-4583 | Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remo... | E | |
CVE-2008-4584 | Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote at... | E | |
CVE-2008-4585 | Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions... | | |
CVE-2008-4586 | Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.... | E | |
CVE-2008-4587 | Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX contro... | E | |
CVE-2008-4588 | Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attac... | E | |
CVE-2008-4589 | Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, incl... | S | |
CVE-2008-4590 | Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQ... | E | |
CVE-2008-4591 | Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGaller... | E | |
CVE-2008-4592 | Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attacke... | E | |
CVE-2008-4593 | Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disab... | | |
CVE-2008-4594 | Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell... | | |
CVE-2008-4595 | Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and... | | |
CVE-2008-4596 | Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remo... | | |
CVE-2008-4597 | Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which... | | |
CVE-2008-4598 | Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and... | | |
CVE-2008-4599 | SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute ar... | E | |
CVE-2008-4600 | configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass auth... | E | |
CVE-2008-4601 | Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote atta... | E | |
CVE-2008-4602 | Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated... | E | |
CVE-2008-4603 | SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to exec... | E | |
CVE-2008-4604 | SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute a... | E | |
CVE-2008-4605 | SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands ... | E | |
CVE-2008-4606 | Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute a... | E | |
CVE-2008-4607 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4608 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4609 | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cis... | S | |
CVE-2008-4610 | MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed... | | |
CVE-2008-4611 | SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attack... | | |
CVE-2008-4612 | Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrar... | E S | |
CVE-2008-4613 | SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitr... | E S | |
CVE-2008-4614 | PortalApp 4.0 does not require authentication for (1) forums.asp and (2) content.asp, which allows r... | E S | |
CVE-2008-4615 | Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vec... | | |
CVE-2008-4616 | The SpamBam plugin for WordPress allows remote attackers to bypass restrictions and add blog comment... | | |
CVE-2008-4617 | SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execu... | E | |
CVE-2008-4618 | The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 doe... | | |
CVE-2008-4619 | The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon cras... | E | |
CVE-2008-4620 | SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers... | E | |
CVE-2008-4621 | SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to ... | E | |
CVE-2008-4622 | The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 allows remote attackers to bypass ... | E | |
CVE-2008-4623 | SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows... | E | |
CVE-2008-4624 | PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_glob... | E | |
CVE-2008-4625 | SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin fo... | E | |
CVE-2008-4626 | Directory traversal vulnerability in index.php in Fritz Berger yet another php photo album - next ge... | E | |
CVE-2008-4627 | SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remot... | E | |
CVE-2008-4628 | SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execu... | E | |
CVE-2008-4629 | Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote att... | | |
CVE-2008-4630 | Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unk... | S | |
CVE-2008-4631 | Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE be... | | |
CVE-2008-4632 | Multiple directory traversal vulnerabilities in index.php in Kure 0.6.3, when magic_quotes_gpc is di... | E | |
CVE-2008-4633 | SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Dru... | | |
CVE-2008-4634 | Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to i... | | |
CVE-2008-4635 | Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOO... | | |
CVE-2008-4636 | yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privile... | S | |
CVE-2008-4637 | Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to injec... | | |
CVE-2008-4638 | qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and ... | S | |
CVE-2008-4639 | jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files vi... | | |
CVE-2008-4640 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to de... | | |
CVE-2008-4641 | The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to exec... | | |
CVE-2008-4642 | SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute a... | E | |
CVE-2008-4643 | SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbi... | E | |
CVE-2008-4644 | hits.php in myWebland myStats allows remote attackers to bypass IP address restrictions via a modifi... | E | |
CVE-2008-4645 | plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated a... | E S | |
CVE-2008-4646 | The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrat... | | |
CVE-2008-4647 | SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitr... | | |
CVE-2008-4648 | Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remot... | | |
CVE-2008-4649 | Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack w... | E | |
CVE-2008-4650 | SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbit... | E | |
CVE-2008-4651 | Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute... | E | |
CVE-2008-4652 | Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX... | E | |
CVE-2008-4653 | SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for X... | E | |
CVE-2008-4654 | Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c)... | E | |
CVE-2008-4655 | SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO... | S | |
CVE-2008-4656 | SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for... | | |
CVE-2008-4657 | SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allo... | S | |
CVE-2008-4658 | SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3... | S | |
CVE-2008-4659 | SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension ... | | |
CVE-2008-4660 | SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote att... | | |
CVE-2008-4661 | Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and ea... | S | |
CVE-2008-4662 | Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when magic_quotes_gpc is disabled, ... | E S | |
CVE-2008-4663 | Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki... | | |
CVE-2008-4664 | Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player ... | E S | |
CVE-2008-4665 | SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL comma... | E | |
CVE-2008-4666 | SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to exe... | E | |
CVE-2008-4667 | Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to includ... | E | |
CVE-2008-4668 | Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla... | E | |
CVE-2008-4669 | Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote a... | | |
CVE-2008-4670 | Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote at... | E | |
CVE-2008-4671 | Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in WordPress MU (WPMU) before 2.6 ... | E | |
CVE-2008-4672 | Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows ... | | |
CVE-2008-4673 | PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuit... | E | |
CVE-2008-4674 | SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows rem... | E | |
CVE-2008-4675 | SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to ... | E | |
CVE-2008-4676 | Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and ear... | S | |
CVE-2008-4677 | autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, ... | | |
CVE-2008-4678 | The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (... | | |
CVE-2008-4679 | The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 ... | S | |
CVE-2008-4680 | packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause... | E S | |
CVE-2008-4681 | Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows... | S | |
CVE-2008-4682 | wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (appli... | E S | |
CVE-2008-4683 | The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 ... | E S | |
CVE-2008-4684 | packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post di... | S | |
CVE-2008-4685 | Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dis... | S | |
CVE-2008-4686 | Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC med... | | |
CVE-2008-4687 | manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary c... | E | |
CVE-2008-4688 | core/string_api.php in Mantis before 1.1.3 does not check the privileges of the viewer before compos... | | |
CVE-2008-4689 | Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remot... | | |
CVE-2008-4690 | lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler,... | | |
CVE-2008-4691 | Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst ... | | |
CVE-2008-4692 | The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 bef... | | |
CVE-2008-4693 | The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive infor... | | |
CVE-2008-4694 | Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service ... | | |
CVE-2008-4695 | Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other... | | |
CVE-2008-4696 | Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers t... | E S | |
CVE-2008-4697 | The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascr... | | |
CVE-2008-4698 | Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote... | | |
CVE-2008-4699 | Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 all... | E | |
CVE-2008-4700 | SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is di... | E | |
CVE-2008-4701 | SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allo... | E | |
CVE-2008-4702 | Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to includ... | E | |
CVE-2008-4703 | SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arb... | E | |
CVE-2008-4704 | PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote atta... | E | |
CVE-2008-4705 | SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows re... | E | |
CVE-2008-4706 | SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote ... | E | |
CVE-2008-4707 | Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows remote attackers to access un... | E | |
CVE-2008-4708 | BbZL.PhP 0.92 allows remote attackers to bypass authentication and gain administrative access by set... | E | |
CVE-2008-4709 | SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers t... | E | |
CVE-2008-4710 | Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a mod... | | |
CVE-2008-4711 | SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows re... | E | |
CVE-2008-4712 | Directory traversal vulnerability in pages/showblog.php in LnBlog 0.9.0 and earlier, when magic_quot... | E | |
CVE-2008-4713 | SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arb... | E | |
CVE-2008-4714 | Atomic Photo Album 1.1.0 pre4 does not properly handle the apa_cookie_login and apa_cookie_password ... | E | |
CVE-2008-4715 | SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers... | E | |
CVE-2008-4716 | SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to exec... | E | |
CVE-2008-4717 | SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute a... | E | |
CVE-2008-4718 | Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote att... | E | |
CVE-2008-4719 | PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 bet... | E | |
CVE-2008-4720 | Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers t... | E | |
CVE-2008-4721 | PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrativ... | E | |
CVE-2008-4722 | Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allow... | | |
CVE-2008-4723 | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow rem... | E | |
CVE-2008-4724 | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attacke... | E | |
CVE-2008-4725 | Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to injec... | E | |
CVE-2008-4726 | Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated us... | E | |
CVE-2008-4727 | Cross-site scripting (XSS) vulnerability in the contact update page (ss/bwgkoemr.P_UpdateEmrgContact... | | |
CVE-2008-4728 | Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX ... | E | |
CVE-2008-4729 | Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbi... | E | |
CVE-2008-4730 | Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 allows remote attackers to injec... | | |
CVE-2008-4731 | Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors.... | | |
CVE-2008-4732 | SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for Wor... | E S | |
CVE-2008-4733 | Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4... | E | |
CVE-2008-4734 | Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment R... | | |
CVE-2008-4735 | PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system ... | E | |
CVE-2008-4736 | SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers ... | E | |
CVE-2008-4737 | Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers ... | E | |
CVE-2008-4738 | SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitr... | E | |
CVE-2008-4739 | Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, ... | E | |
CVE-2008-4740 | Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when... | E | |
CVE-2008-4741 | Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, a... | | |
CVE-2008-4742 | Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow ... | E S | |
CVE-2008-4743 | SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attacker... | E | |
CVE-2008-4744 | SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to ex... | E | |
CVE-2008-4745 | Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allo... | | |
CVE-2008-4746 | Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to... | | |
CVE-2008-4747 | Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows conte... | S | |
CVE-2008-4748 | Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application f... | E | |
CVE-2008-4749 | Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in ... | E | |
CVE-2008-4750 | Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software L... | E | |
CVE-2008-4751 | Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers ... | E | |
CVE-2008-4752 | TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by settin... | E | |
CVE-2008-4753 | SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execut... | E | |
CVE-2008-4754 | SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers... | E | |
CVE-2008-4755 | SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote at... | E | |
CVE-2008-4756 | Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers ... | E | |
CVE-2008-4757 | Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL ... | E | |
CVE-2008-4758 | Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read ... | E | |
CVE-2008-4759 | Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read... | E | |
CVE-2008-4760 | SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled... | E | |
CVE-2008-4761 | Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php i... | E | |
CVE-2008-4762 | Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of... | E | |
CVE-2008-4763 | Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and ear... | S | |
CVE-2008-4764 | Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in J... | E | |
CVE-2008-4765 | SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attac... | E | |
CVE-2008-4766 | SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to ... | E | |
CVE-2008-4767 | Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attacke... | | |
CVE-2008-4768 | SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands... | E | |
CVE-2008-4769 | Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in ... | E | |
CVE-2008-4770 | The CMsgReader::readRect function in the VNC Viewer component in RealVNC VNC Free Edition 4.0 throug... | S | |
CVE-2008-4771 | Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDe... | E | |
CVE-2008-4772 | SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrar... | E | |
CVE-2008-4773 | Directory traversal vulnerability in main/main.php in QuestCMS allows remote attackers to read arbit... | E | |
CVE-2008-4774 | Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inj... | E | |
CVE-2008-4775 | Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other vers... | | |
CVE-2008-4776 | libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact descri... | | |
CVE-2008-4777 | SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo ... | E S | |
CVE-2008-4778 | SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to exec... | E | |
CVE-2008-4779 | Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to cause a denial of service (crash) o... | E | |
CVE-2008-4780 | Directory traversal vulnerability in admin/centre.php in MyForum 1.3, when register_globals is enabl... | E | |
CVE-2008-4781 | Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include a... | E | |
CVE-2008-4782 | SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) ... | E | |
CVE-2008-4783 | tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting... | E | |
CVE-2008-4784 | aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by settin... | E | |
CVE-2008-4785 | SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 ... | E | |
CVE-2008-4786 | SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers ... | E | |
CVE-2008-4787 | Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof th... | E | |
CVE-2008-4788 | Microsoft Internet Explorer 6 omits high-bit URL-encoded characters when displaying the address bar,... | | |
CVE-2008-4789 | The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authen... | S | |
CVE-2008-4790 | The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intende... | S | |
CVE-2008-4791 | The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users ... | S | |
CVE-2008-4792 | The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unsp... | S | |
CVE-2008-4793 | The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and ... | S | |
CVE-2008-4794 | Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search resul... | E S | |
CVE-2008-4795 | The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page"... | E S | |
CVE-2008-4796 | The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) amp... | S | |
CVE-2008-4797 | Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server 1.8 and earlier allows remote ... | S | |
CVE-2008-4798 | The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attack... | S | |
CVE-2008-4799 | pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows c... | | |
CVE-2008-4800 | The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool ... | E | |
CVE-2008-4801 | Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client... | S | |
CVE-2008-4802 | Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remot... | E | |
CVE-2008-4803 | Cross-site scripting (XSS) vulnerability in index.php in Simple PHP Scripts gallery 0.1, 0.3, and 0.... | | |
CVE-2008-4804 | SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execut... | E | |
CVE-2008-4805 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow ... | | |
CVE-2008-4806 | Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attack... | | |
CVE-2008-4807 | IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.... | | |
CVE-2008-4808 | IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vector... | | |
CVE-2008-4809 | Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x befor... | | |
CVE-2008-4810 | The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 all... | | |
CVE-2008-4811 | The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlie... | | |
CVE-2008-4812 | Array index error in Adobe Reader and Acrobat, and the Explorer extension (aka AcroRd32Info), 8.1.2,... | S | |
CVE-2008-4813 | Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbi... | S | |
CVE-2008-4814 | Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and ... | S | |
CVE-2008-4815 | Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux ... | S | |
CVE-2008-4816 | Unspecified vulnerability in the Download Manager in Adobe Reader 8.1.2 and earlier on Windows allow... | S | |
CVE-2008-4817 | The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attack... | S | |
CVE-2008-4818 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote a... | S | |
CVE-2008-4819 | Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote att... | S | |
CVE-2008-4820 | Unspecified vulnerability in the Flash Player ActiveX control in Adobe Flash Player 9.0.124.0 and ea... | S | |
CVE-2008-4821 | Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpre... | S | |
CVE-2008-4822 | Adobe Flash Player 9.0.124.0 and earlier does not properly interpret policy files, which allows remo... | S | |
CVE-2008-4823 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote a... | S | |
CVE-2008-4824 | Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0... | S | |
CVE-2008-4825 | Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, all... | | |
CVE-2008-4826 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3853. Reason: This candida... | R | |
CVE-2008-4827 | Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX contro... | | |
CVE-2008-4828 | Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli ... | S | |
CVE-2008-4829 | Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arb... | | |
CVE-2008-4830 | Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 640... | S | |
CVE-2008-4831 | Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users... | S | |
CVE-2008-4832 | rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary ... | | |
CVE-2008-4833 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4834 | Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Serv... | | |
CVE-2008-4835 | SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vi... | | |
CVE-2008-4836 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4837 | Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and... | | |
CVE-2008-4838 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4839 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4840 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4841 | The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 ... | E | |
CVE-2008-4842 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4843 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4844 | Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in... | E S | |
CVE-2008-4845 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4846 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4847 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4848 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4849 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4851 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4852 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4856 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4858 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4859 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4860 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4861 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4862 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2008-4863 | Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute a... | | |
CVE-2008-4864 | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow co... | E | |
CVE-2008-4865 | Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary... | | |
CVE-2008-4866 | Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, ... | E | |
CVE-2008-4867 | Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows contex... | | |
CVE-2008-4868 | Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before... | | |
CVE-2008-4869 | FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (m... | | |
CVE-2008-4870 | dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permiss... | | |
CVE-2008-4871 | Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attac... | S | |
CVE-2008-4872 | Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attac... | | |
CVE-2008-4873 | board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metac... | E | |
CVE-2008-4874 | The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has ... | E | |
CVE-2008-4875 | Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with f... | E | |
CVE-2008-4876 | Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 ... | E | |
CVE-2008-4877 | SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows ... | E | |
CVE-2008-4878 | Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remot... | E | |
CVE-2008-4879 | SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitra... | E | |
CVE-2008-4880 | SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arb... | E | |
CVE-2008-4881 | SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attacke... | E | |
CVE-2008-4882 | SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote at... | E | |
CVE-2008-4883 | SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers t... | E | |
CVE-2008-4884 | SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote atta... | E | |
CVE-2008-4885 | SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote atta... | E | |
CVE-2008-4886 | SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attacke... | E | |
CVE-2008-4887 | SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execu... | E | |
CVE-2008-4888 | Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 and earlier allows remote attac... | E | |
CVE-2008-4889 | SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows rem... | E | |
CVE-2008-4890 | SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attacker... | E | |
CVE-2008-4891 | Cross-site scripting (XSS) vulnerability in signme.inc.php in Planetluc SignMe 1.5 before 1.55 allow... | | |
CVE-2008-4892 | Cross-site scripting (XSS) vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier... | | |
CVE-2008-4893 | Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.i... | | |
CVE-2008-4894 | Directory traversal vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php ... | E | |
CVE-2008-4895 | SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to e... | E | |
CVE-2008-4896 | Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in Logz CMS 1.3.1 allows remote att... | | |
CVE-2008-4897 | SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc... | E | |
CVE-2008-4898 | Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 allows remote attackers to inject... | | |
CVE-2008-4899 | Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe 1.3.3 allows remote attackers to... | | |
CVE-2008-4900 | SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote atta... | E | |
CVE-2008-4901 | SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers ... | E | |
CVE-2008-4902 | SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attacke... | E | |
CVE-2008-4903 | Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and e... | | |
CVE-2008-4904 | SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier al... | | |
CVE-2008-4905 | Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier... | | |
CVE-2008-4906 | SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allo... | E | |
CVE-2008-4907 | The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the... | S | |
CVE-2008-4908 | maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary fi... | S | |
CVE-2008-4909 | Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attacker... | | |
CVE-2008-4910 | The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a cl... | | |
CVE-2008-4911 | PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote at... | E | |
CVE-2008-4912 | SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote a... | E | |
CVE-2008-4913 | Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers ... | E | |
CVE-2008-4914 | Unspecified vulnerability in VMware ESXi 3.5 before ESXe350-200901401-I-SG and ESX 3.5 before ESX350... | S | |
CVE-2008-4915 | The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0... | | |
CVE-2008-4916 | Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build ... | | |
CVE-2008-4917 | Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x version... | S | |
CVE-2008-4918 | Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in So... | | |
CVE-2008-4919 | Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3... | E | |
CVE-2008-4920 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was ba... | R | |
CVE-2008-4921 | board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to bypass authentication and gai... | E | |
CVE-2008-4922 | Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office (DjVu_ActiveX_MSOffice.dll) all... | E | |
CVE-2008-4923 | Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Azte... | E | |
CVE-2008-4924 | Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.... | E | |
CVE-2008-4925 | Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXL... | E | |
CVE-2008-4926 | Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PD... | E | |
CVE-2008-4927 | Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial... | E | |
CVE-2008-4928 | Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBu... | E | |
CVE-2008-4929 | MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files... | E | |
CVE-2008-4930 | MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file t... | | |
CVE-2008-4931 | Cross-site scripting (XSS) vulnerability in the account module in firmCHANNEL Digital Signage 3.24, ... | | |
CVE-2008-4932 | webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 allows remote attackers to overwri... | E | |
CVE-2008-4933 | Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before ... | S | |
CVE-2008-4934 | The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 doe... | S | |
CVE-2008-4935 | asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /... | E | |
CVE-2008-4936 | faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a ... | E | |
CVE-2008-4937 | senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink ... | E | |
CVE-2008-4938 | aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary files via a symlink attack on... | E | |
CVE-2008-4939 | apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/####... | E | |
CVE-2008-4940 | xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on th... | E | |
CVE-2008-4941 | arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a... | E | |
CVE-2008-4942 | audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on ... | E | |
CVE-2008-4943 | bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the ... | E | |
CVE-2008-4944 | writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attac... | E | |
CVE-2008-4945 | amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite arbitrary files via a symlink at... | E | |
CVE-2008-4946 | convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_o... | E | |
CVE-2008-4947 | dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symli... | E | |
CVE-2008-4948 | fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary files via a symlink attack on t... | E | |
CVE-2008-4949 | dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, ... | E | |
CVE-2008-4950 | gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on ... | E | |
CVE-2008-4951 | dtc 0.29.6 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/awstats.... | E | |
CVE-2008-4952 | emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink at... | E | |
CVE-2008-4953 | firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1)... | | |
CVE-2008-4954 | mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files via a symlink attack on the /tm... | | |
CVE-2008-4955 | freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on ... | E | |
CVE-2008-4956 | fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack... | E | |
CVE-2008-4957 | find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to overwrite arbitrary files via a s... | E | |
CVE-2008-4958 | gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/... | E | |
CVE-2008-4959 | geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite arbitrary files via a symlink... | E | |
CVE-2008-4960 | impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /t... | E | |
CVE-2008-4963 | Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS,... | | |
CVE-2008-4964 | filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on... | E | |
CVE-2008-4965 | liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink ... | E | |
CVE-2008-4966 | linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary files via a symlink attack on ... | E | |
CVE-2008-4967 | linuxtrade 3.65 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp... | E | |
CVE-2008-4968 | The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files ... | E | |
CVE-2008-4969 | ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a... | | |
CVE-2008-4970 | runiozone in lustre 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on th... | E | |
CVE-2008-4971 | mafft-homologs in mafft 6.240 allows local users to overwrite arbitrary files via a symlink attack o... | E | |
CVE-2008-4972 | mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ma... | E | |
CVE-2008-4973 | i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1)... | E | |
CVE-2008-4974 | rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files via a symlink attack on (1) /... | E | |
CVE-2008-4975 | mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary files via a symlink attack on a... | E | |
CVE-2008-4976 | ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary files via a symlink attack on... | E | |
CVE-2008-4977 | postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink att... | E | |
CVE-2008-4978 | radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /t... | E | |
CVE-2008-4979 | getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack o... | E | |
CVE-2008-4980 | delqueueask in rccp 0.9 allows local users to overwrite arbitrary files via a symlink attack on the ... | | |
CVE-2008-4981 | perl.robot in realtimebattle 1.0.8 allows local users to overwrite arbitrary files via a symlink att... | E | |
CVE-2008-4982 | rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on t... | E | |
CVE-2008-4983 | scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/Sc... | E | |
CVE-2008-4984 | scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /t... | | |
CVE-2008-4985 | vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitr... | E | |
CVE-2008-4986 | wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####,... | E | |
CVE-2008-4987 | xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ld... | E | |
CVE-2008-4988 | pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/psc... | E | |
CVE-2008-4989 | The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.... | S | |
CVE-2008-4990 | Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to ove... | | |
CVE-2008-4991 | SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5... | | |
CVE-2008-4992 | The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSP... | S | |
CVE-2008-4993 | qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on t... | | |
CVE-2008-4994 | The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allow local users to overwrite arbitrary files... | E | |
CVE-2008-4995 | redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary files via a symlink attack on... | E | |
CVE-2008-4996 | init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack o... | E | |
CVE-2008-4997 | dfxml-invoice in datafreedom-perl 0.1.7 allows local users to overwrite arbitrary files via a symlin... | E | |
CVE-2008-4998 | postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the ... | | |
CVE-2008-4999 | Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to cause a denial of service (crash... | | |