ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2008-7000 | PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to ex... | E | |
CVE-2008-7001 | Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows r... | E | |
CVE-2008-7002 | PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain func... | E | |
CVE-2008-7003 | Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to... | E | |
CVE-2008-7004 | Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, pos... | S | |
CVE-2008-7005 | include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to... | E | |
CVE-2008-7006 | Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of... | E | |
CVE-2008-7007 | Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative ... | E | |
CVE-2008-7008 | HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a dat... | E | |
CVE-2008-7009 | Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000... | E | |
CVE-2008-7010 | Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and g... | E | |
CVE-2008-7011 | The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's H... | E | |
CVE-2008-7012 | courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance... | E | |
CVE-2008-7013 | NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via ... | | |
CVE-2008-7014 | fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP ... | E | |
CVE-2008-7015 | Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other produc... | E | |
CVE-2008-7016 | tnftpd before 20080929 splits large command strings into multiple commands, which allows remote atta... | | |
CVE-2008-7017 | Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versi... | E | |
CVE-2008-7018 | Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attacker... | | |
CVE-2008-7019 | Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges vi... | E | |
CVE-2008-7020 | McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords ... | | |
CVE-2008-7021 | Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remo... | E | |
CVE-2008-7022 | Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (... | E | |
CVE-2008-7023 | Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same d... | | |
CVE-2008-7024 | admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass aut... | E | |
CVE-2008-7025 | TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies ... | E | |
CVE-2008-7026 | Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earli... | E S | |
CVE-2008-7027 | Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privil... | E | |
CVE-2008-7028 | RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges... | E | |
CVE-2008-7029 | Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remot... | | |
CVE-2008-7030 | Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execut... | E | |
CVE-2008-7031 | Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remo... | E | |
CVE-2008-7032 | Cross-site request forgery (CSRF) vulnerability in the web management console... | E | |
CVE-2008-7033 | SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows ... | E | |
CVE-2008-7034 | PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 all... | E | |
CVE-2008-7035 | Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.... | | |
CVE-2008-7036 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos ... | E | |
CVE-2008-7037 | The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly othe... | | |
CVE-2008-7038 | SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execut... | E | |
CVE-2008-7039 | Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote atta... | | |
CVE-2008-7040 | SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for W... | E | |
CVE-2008-7041 | AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges vi... | E | |
CVE-2008-7042 | PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.... | E | |
CVE-2008-7043 | Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 thro... | E | |
CVE-2008-7044 | SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) D... | E | |
CVE-2008-7045 | AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentica... | E | |
CVE-2008-7046 | AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create n... | | |
CVE-2008-7047 | NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to... | E | |
CVE-2008-7048 | Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inj... | E | |
CVE-2008-7049 | Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attacker... | E | |
CVE-2008-7050 | The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when u... | E S | |
CVE-2008-7051 | AJ Square AJ Article allows remote attackers to bypass authentication and access administrator funct... | E | |
CVE-2008-7052 | Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allow... | E | |
CVE-2008-7053 | LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial... | E | |
CVE-2008-7054 | Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow remote attackers to include a... | E | |
CVE-2008-7055 | module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection ... | E | |
CVE-2008-7056 | BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote... | E | |
CVE-2008-7057 | Cross-site scripting (XSS) vulnerability in merchandise.php in BandSite CMS 1.1.4 allows remote atta... | E | |
CVE-2008-7058 | Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 allows remote attackers to hij... | E | |
CVE-2008-7059 | SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbit... | E | |
CVE-2008-7060 | Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 allow remote attackers to inj... | E | |
CVE-2008-7061 | The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and pos... | E S | |
CVE-2008-7062 | Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS... | E | |
CVE-2008-7063 | Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, w... | E | |
CVE-2008-7064 | Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2... | E | |
CVE-2008-7065 | Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (discon... | E | |
CVE-2008-7066 | OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other us... | E | |
CVE-2008-7067 | PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2... | E | |
CVE-2008-7068 | The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial o... | E | |
CVE-2008-7069 | All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insuffic... | E | |
CVE-2008-7070 | Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to ... | E | |
CVE-2008-7071 | SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to exec... | E | |
CVE-2008-7072 | Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers t... | E | |
CVE-2008-7073 | PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sh... | E | |
CVE-2008-7074 | Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remo... | E | |
CVE-2008-7075 | Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote atta... | E | |
CVE-2008-7076 | Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Art... | E | |
CVE-2008-7077 | Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitra... | E | |
CVE-2008-7078 | Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of ser... | E | |
CVE-2008-7079 | Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (cras... | E | |
CVE-2008-7080 | Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient ac... | E | |
CVE-2008-7081 | userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass ... | | |
CVE-2008-7082 | MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.... | | |
CVE-2008-7083 | Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers ... | E | |
CVE-2008-7084 | Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allow... | E | |
CVE-2008-7085 | Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced al... | E | |
CVE-2008-7086 | Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privile... | E | |
CVE-2008-7087 | PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to... | E | |
CVE-2008-7088 | Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote auth... | E | |
CVE-2008-7089 | Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject ... | E | |
CVE-2008-7090 | Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) ... | E | |
CVE-2008-7091 | Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute ar... | E | |
CVE-2008-7092 | Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remo... | E | |
CVE-2008-7093 | Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote atta... | | |
CVE-2008-7094 | Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote... | | |
CVE-2008-7095 | The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does not restrict SNMP access, which... | | |
CVE-2008-7096 | Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG3... | S | |
CVE-2008-7097 | Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arb... | E | |
CVE-2008-7098 | Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate Premium allow remote attackers t... | E | |
CVE-2008-7099 | Unspecified vulnerability in the Manage Templates feature in Qsoft K-Rate Premium allows remote atta... | E | |
CVE-2008-7100 | Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows remote authenticated users to byp... | S | |
CVE-2008-7101 | Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain ... | S | |
CVE-2008-7102 | DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and ... | S | |
CVE-2008-7103 | Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 ... | E | |
CVE-2008-7104 | Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before ... | S | |
CVE-2008-7105 | Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial... | S | |
CVE-2008-7106 | The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus... | S | |
CVE-2008-7107 | easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) ... | E | |
CVE-2008-7108 | Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remot... | | |
CVE-2008-7109 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypa... | E | |
CVE-2008-7110 | Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.... | E | |
CVE-2008-7111 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames... | | |
CVE-2008-7112 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to caus... | E | |
CVE-2008-7113 | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictab... | | |
CVE-2008-7114 | SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allow... | E | |
CVE-2008-7115 | The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 ... | E | |
CVE-2008-7116 | SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote ... | E | |
CVE-2008-7117 | eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading sty... | E | |
CVE-2008-7118 | WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access ... | E | |
CVE-2008-7119 | SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to exe... | E | |
CVE-2008-7120 | SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers t... | E | |
CVE-2008-7121 | Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remot... | E | |
CVE-2008-7122 | Multiple insecure method vulnerabilities in an ActiveX control (epRegPro.ocx) in Evans Programmin... | E | |
CVE-2008-7123 | Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 ... | E S | |
CVE-2008-7124 | zKup CMS 2.0 through 2.3 does not require administrative authentication for admin/configuration/modi... | E S | |
CVE-2008-7125 | pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute ar... | S | |
CVE-2008-7126 | Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows ... | E | |
CVE-2008-7127 | osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to ... | E | |
CVE-2008-7128 | The ssl_parse_client_key_exchange function in XySSL before 0.9 does not protect against certain Blei... | | |
CVE-2008-7129 | XySSL before 0.9 allows remote attackers to cause a denial of service (infinite loop) via an X.509 c... | S | |
CVE-2008-7130 | Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upl... | | |
CVE-2008-7131 | Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to gai... | S | |
CVE-2008-7132 | Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.3 beta allows remote attackers... | E | |
CVE-2008-7133 | Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allo... | E | |
CVE-2008-7134 | Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy D... | E S | |
CVE-2008-7135 | toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (t... | E | |
CVE-2008-7136 | toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (t... | E | |
CVE-2008-7137 | WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of service (crash) via an empty q... | E | |
CVE-2008-7138 | The Manager in Eye-Fi 1.1.2 generates predictable snonce values based on the time of day, which allo... | | |
CVE-2008-7139 | Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote ... | E | |
CVE-2008-7140 | Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote... | E | |
CVE-2008-7141 | Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to in... | E | |
CVE-2008-7142 | Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in ... | E | |
CVE-2008-7143 | phpBB 2.0.23 includes the session ID in a request to modcp.php when the moderator or administrator c... | | |
CVE-2008-7144 | Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vec... | S | |
CVE-2008-7145 | Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote ... | E | |
CVE-2008-7146 | IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attacker... | E | |
CVE-2008-7147 | Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possi... | | |
CVE-2008-7148 | Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbi... | S | |
CVE-2008-7149 | Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related t... | | |
CVE-2008-7150 | Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drup... | S | |
CVE-2008-7151 | Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, all... | S | |
CVE-2008-7152 | Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_g... | E | |
CVE-2008-7153 | SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Doc... | E S | |
CVE-2008-7154 | Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct requ... | E S | |
CVE-2008-7155 | NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote atta... | E | |
CVE-2008-7156 | EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows remote attackers to bypass aut... | E | |
CVE-2008-7157 | Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier allows remote attackers to exe... | E | |
CVE-2008-7158 | Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitra... | S | |
CVE-2008-7159 | The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencin... | S | |
CVE-2008-7160 | The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in ... | S | |
CVE-2008-7161 | Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 allows remote attackers to bypa... | E | |
CVE-2008-7162 | Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (cras... | E | |
CVE-2008-7163 | Directory traversal vulnerability in mods/Integrated/index.php in SineCMS 2.3.5 and earlier, when re... | E | |
CVE-2008-7164 | Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vecto... | S | |
CVE-2008-7165 | Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Al... | E | |
CVE-2008-7166 | Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.... | | |
CVE-2008-7167 | Unrestricted file upload vulnerability in upload.php in Page Manager 2006-02-04 allows remote attack... | E | |
CVE-2008-7168 | Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows... | E | |
CVE-2008-7169 | SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote att... | E | |
CVE-2008-7170 | GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows re... | E | |
CVE-2008-7171 | Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remo... | E | |
CVE-2008-7172 | Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality,... | E | |
CVE-2008-7173 | The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict a... | | |
CVE-2008-7174 | Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker... | | |
CVE-2008-7175 | Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier p... | | |
CVE-2008-7176 | Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow remote attackers to read arbit... | E | |
CVE-2008-7177 | Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact ... | E | |
CVE-2008-7178 | Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read a... | E | |
CVE-2008-7179 | OTManager CMS 2.4 allows remote attackers to bypass authentication and gain administrator privileges... | E | |
CVE-2008-7180 | del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via ... | E | |
CVE-2008-7181 | Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified ... | E | |
CVE-2008-7182 | Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9... | E | |
CVE-2008-7183 | PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is ... | E | |
CVE-2008-7184 | Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to in... | E | |
CVE-2008-7185 | GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and ... | E | |
CVE-2008-7186 | Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote at... | E S | |
CVE-2008-7187 | Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to obtain sensitive information via a ... | E S | |
CVE-2008-7188 | ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attack... | E | |
CVE-2008-7189 | Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attac... | | |
CVE-2008-7190 | Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javas... | S | |
CVE-2008-7191 | Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of servic... | | |
CVE-2008-7192 | Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, a... | | |
CVE-2008-7193 | PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-... | | |
CVE-2008-7194 | Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Serve... | S | |
CVE-2008-7195 | Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Serve... | S | |
CVE-2008-7196 | Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to ... | | |
CVE-2008-7197 | Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vector... | | |
CVE-2008-7198 | Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vecto... | | |
CVE-2008-7199 | Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a denial of service (hang) via (1) ... | | |
CVE-2008-7200 | Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vector... | | |
CVE-2008-7201 | Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and se... | E | |
CVE-2008-7202 | Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote... | E S | |
CVE-2008-7203 | Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (cr... | E | |
CVE-2008-7204 | Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote atta... | S | |
CVE-2008-7205 | Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows... | S | |
CVE-2008-7206 | Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack ve... | S | |
CVE-2008-7207 | RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to dis... | | |
CVE-2008-7208 | Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers t... | E S | |
CVE-2008-7209 | Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibl... | E | |
CVE-2008-7210 | directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL inje... | E | |
CVE-2008-7211 | CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and w... | E | |
CVE-2008-7212 | MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive... | E | |
CVE-2008-7213 | Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/c... | E | |
CVE-2008-7214 | Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, ... | E | |
CVE-2008-7215 | The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attacker... | E | |
CVE-2008-7216 | Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio CAPTCHA clips by concatenating s... | E | |
CVE-2008-7217 | Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to admi... | | |
CVE-2008-7218 | Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-R... | S | |
CVE-2008-7219 | Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2... | S | |
CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows atta... | S | |
CVE-2008-7221 | Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack th... | | |
CVE-2008-7222 | Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers... | E | |
CVE-2008-7223 | Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to... | S | |
CVE-2008-7224 | Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial... | E | |
CVE-2008-7225 | Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remo... | E | |
CVE-2008-7226 | SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions... | E | |
CVE-2008-7227 | PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer conten... | | |
CVE-2008-7228 | Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and ... | E | |
CVE-2008-7229 | GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protect... | E S | |
CVE-2008-7230 | Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and a... | | |
CVE-2008-7231 | Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 a... | | |
CVE-2008-7232 | Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to exec... | E | |
CVE-2008-7233 | Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server... | E S | |
CVE-2008-7234 | Unspecified vulnerability in the Oracle BPEL Worklist Application component in Oracle Application Se... | E S | |
CVE-2008-7235 | Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-... | E S | |
CVE-2008-7236 | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 a... | E S | |
CVE-2008-7237 | Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.... | E S | |
CVE-2008-7238 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affe... | E S | |
CVE-2008-7239 | Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to ... | E S | |
CVE-2008-7240 | Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Bas... | E | |
CVE-2008-7241 | Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hi... | | |
CVE-2008-7242 | Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allow remote at... | E | |
CVE-2008-7243 | Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows ... | E | |
CVE-2008-7244 | Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang... | E | |
CVE-2008-7245 | Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by ca... | | |
CVE-2008-7246 | Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable ... | | |
CVE-2008-7247 | sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, wh... | E | |
CVE-2008-7248 | Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certa... | E | |
CVE-2008-7249 | Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-a... | S | |
CVE-2008-7250 | Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remo... | | |
CVE-2008-7251 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777... | | |
CVE-2008-7252 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporar... | S | |
CVE-2008-7253 | The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, en... | | |
CVE-2008-7254 | Directory traversal vulnerability in includes/template-loader.php in Irmin CMS (formerly Pepsi CMS) ... | E | |
CVE-2008-7255 | login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves a password after logout, which... | | |
CVE-2008-7256 | mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECUR... | | |
CVE-2008-7257 | CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco Adaptive Security Appliances ... | E | |
CVE-2008-7258 | The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause ... | E S | |
CVE-2008-7259 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2008-7260 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2008-7261 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 ... | | |
CVE-2008-7262 | Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote ... | | |
CVE-2008-7263 | ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login ... | | |
CVE-2008-7264 | The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to... | E S | |
CVE-2008-7265 | The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a de... | S | |
CVE-2008-7266 | Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in RSA Adaptive Auth... | | |
CVE-2008-7267 | SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execut... | E | |
CVE-2008-7268 | The phpinfo function in SiteEngine 5.x allows remote attackers to obtain system information by setti... | E | |
CVE-2008-7269 | Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to re... | E | |
CVE-2008-7270 | OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not prevent mod... | | |
CVE-2008-7271 | Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the He... | E | |
CVE-2008-7272 | FireGPG before 0.6 handles user’s passphrase and decrypted cleartext insecurely by writing pre-encryp... | | |
CVE-2008-7273 | A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.... | | |
CVE-2008-7274 | IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows... | | |
CVE-2008-7275 | Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.... | | |
CVE-2008-7276 | Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory u... | | |
CVE-2008-7277 | Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the co... | S | |
CVE-2008-7278 | The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, ... | S | |
CVE-2008-7279 | The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote auth... | | |
CVE-2008-7280 | Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 ... | S | |
CVE-2008-7281 | Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists... | S | |
CVE-2008-7282 | Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) be... | S | |
CVE-2008-7283 | Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remot... | | |
CVE-2008-7284 | IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to ... | | |
CVE-2008-7285 | Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 befo... | | |
CVE-2008-7286 | IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that req... | | |
CVE-2008-7287 | Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivol... | S | |
CVE-2008-7288 | IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers ... | | |
CVE-2008-7289 | IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the si... | S | |
CVE-2008-7290 | Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2... | S | |
CVE-2008-7291 | gri before 2.12.18 generates temporary files in an insecure way.... | | |
CVE-2008-7292 | Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not dele... | E S | |
CVE-2008-7293 | Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sess... | S | |
CVE-2008-7294 | Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTP... | S | |
CVE-2008-7295 | Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS s... | S | |
CVE-2008-7296 | Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which ... | S | |
CVE-2008-7297 | Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows ... | S | |
CVE-2008-7298 | The Android browser in Android cannot properly restrict modifications to cookies established in HTTP... | S | |
CVE-2008-7299 | IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browse... | | |
CVE-2008-7300 | The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolari... | | |
CVE-2008-7301 | SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute ar... | | |
CVE-2008-7302 | SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for ... | S | |
CVE-2008-7303 | The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to ... | E | |
CVE-2008-7304 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2008-7305 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2008-7306 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2008-7307 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2008-7308 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2008-7309 | Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's... | E | |
CVE-2008-7310 | Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes,... | | |
CVE-2008-7311 | The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_ses... | | |
CVE-2008-7312 | The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during... | | |
CVE-2008-7313 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: t... | S | |
CVE-2008-7314 | mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname.... | | |
CVE-2008-7315 | UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.... | | |
CVE-2008-7316 | mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infi... | | |
CVE-2008-7319 | The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., ... | S | |
CVE-2008-7320 | GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by usi... | | |
CVE-2008-7321 | The tubepress plugin before 1.6.5 for WordPress has XSS.... | | |