| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2008-1110 |
119 |
|
DoS Exec Code Overflow |
2008-02-29 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664. |
|
2 |
CVE-2008-1095 |
264 |
|
DoS Bypass |
2008-02-29 |
2018-10-30 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly. |
|
3 |
CVE-2008-1082 |
79 |
|
XSS Bypass |
2008-02-29 |
2012-06-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation. |
|
4 |
CVE-2008-1081 |
94 |
|
|
2008-02-29 |
2012-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. |
|
5 |
CVE-2008-1080 |
20 |
|
|
2008-02-29 |
2012-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Opera before 9.26 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename into a file input. |
|
6 |
CVE-2008-1078 |
59 |
|
|
2008-02-29 |
2018-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. |
|
7 |
CVE-2008-1077 |
89 |
|
Exec Code Sql |
2008-02-29 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action. |
|
8 |
CVE-2008-1076 |
79 |
|
XSS |
2008-02-29 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
9 |
CVE-2008-1075 |
79 |
|
XSS |
2008-02-29 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
10 |
CVE-2008-1074 |
94 |
|
Exec Code File Inclusion |
2008-02-29 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter. |
|
11 |
CVE-2008-1073 |
79 |
|
XSS |
2008-02-29 |
2011-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the report interface in Internet Security Systems (ISS) Internet Scanner 7.0 Service Pack 2 Build 7.2.2005.52 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
12 |
CVE-2008-1072 |
|
|
DoS |
2008-02-28 |
2018-10-11 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug. |
|
13 |
CVE-2008-1071 |
399 |
|
DoS |
2008-02-28 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
|
14 |
CVE-2008-1070 |
|
|
DoS |
2008-02-28 |
2018-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
|
15 |
CVE-2008-1069 |
94 |
|
Exec Code File Inclusion |
2008-02-28 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php. |
|
16 |
CVE-2008-1068 |
94 |
|
Exec Code File Inclusion |
2008-02-28 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645. |
|
17 |
CVE-2008-1067 |
94 |
|
Exec Code File Inclusion |
2008-02-28 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php. |
|
18 |
CVE-2008-1066 |
20 |
|
|
2008-02-28 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string. |
|
19 |
CVE-2008-1065 |
89 |
|
Exec Code Sql |
2008-02-28 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
20 |
CVE-2008-1064 |
79 |
|
XSS |
2008-02-28 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
|
21 |
CVE-2008-1063 |
79 |
|
XSS |
2008-02-28 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. |
|
22 |
CVE-2008-1062 |
20 |
|
DoS |
2008-02-28 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater (aka IHT.exe) in InterVideo WinDVD Media Center 2.11.15.0 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet with two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
23 |
CVE-2008-1061 |
79 |
|
XSS |
2008-02-28 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php. |
|
24 |
CVE-2008-1060 |
94 |
|
Exec Code |
2008-02-28 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter. |
|
25 |
CVE-2008-1059 |
94 |
|
Exec Code File Inclusion |
2008-02-28 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. |
|
26 |
CVE-2008-1058 |
|
|
DoS |
2008-02-28 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information. |
|
27 |
CVE-2008-1057 |
|
|
DoS |
2008-02-28 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers. |
|
28 |
CVE-2008-1056 |
119 |
|
Overflow +Priv |
2008-02-28 |
2017-08-08 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises. |
|
29 |
CVE-2008-1055 |
134 |
|
DoS Exec Code |
2008-02-27 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter. |
|
30 |
CVE-2008-1054 |
119 |
|
DoS Exec Code Overflow |
2008-02-27 |
2018-10-11 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long headers to webmail.exe and unspecified other CGI executables, which triggers an overflow when assigning values to environment variables. NOTE: some of these details are obtained from third party information. |
|
31 |
CVE-2008-1053 |
89 |
|
Exec Code Sql |
2008-02-27 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php. |
|
32 |
CVE-2008-1052 |
119 |
|
DoS Overflow |
2008-02-27 |
2018-10-11 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The administration web interface in NetWin SurgeFTP 2.3a2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL pointer dereference when memory allocation fails. |
|
33 |
CVE-2008-1051 |
94 |
|
Exec Code File Inclusion |
2008-02-27 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. |
|
34 |
CVE-2008-1050 |
89 |
|
Exec Code Sql |
2008-02-27 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. |
|
35 |
CVE-2008-1049 |
|
|
|
2008-02-27 |
2017-08-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors. |
|
36 |
CVE-2008-1048 |
79 |
|
XSS |
2008-02-27 |
2017-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in manager/xmedia.php in Plume CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
|
37 |
CVE-2008-1047 |
79 |
|
XSS |
2008-02-27 |
2012-10-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in TikiWiki before 1.9.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
38 |
CVE-2008-1046 |
94 |
|
Exec Code File Inclusion |
2008-02-27 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter. |
|
39 |
CVE-2008-1045 |
79 |
|
XSS |
2008-02-27 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter. |
|
40 |
CVE-2008-1044 |
119 |
|
Exec Code Overflow |
2008-02-27 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information. |
|
41 |
CVE-2008-1043 |
94 |
|
Exec Code File Inclusion |
2008-02-27 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. |
|
42 |
CVE-2008-1042 |
22 |
|
Dir. Trav. |
2008-02-27 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in include/body.inc.php in Linux Web Shop (LWS) php Download Manager 1.0 and 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. |
|
43 |
CVE-2008-1041 |
79 |
|
XSS |
2008-02-27 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter. |
|
44 |
CVE-2008-1040 |
119 |
|
Exec Code Overflow |
2008-02-27 |
2011-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI. |
|
45 |
CVE-2008-1039 |
89 |
|
Exec Code Sql |
2008-02-27 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter. |
|
46 |
CVE-2008-1038 |
94 |
|
Exec Code File Inclusion |
2008-02-27 |
2017-09-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter. |
|
47 |
CVE-2008-1037 |
79 |
|
XSS |
2008-02-27 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page. |
|
48 |
CVE-2008-0984 |
399 |
|
Exec Code |
2008-02-26 |
2018-10-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file. |
|
49 |
CVE-2008-0983 |
399 |
|
DoS |
2008-02-26 |
2018-10-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. |
|
50 |
CVE-2008-0982 |
20 |
|
+Info |
2008-02-25 |
2018-10-15 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message. |
