CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2008 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-0524 352 CSRF 2008-01-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors.
2 CVE-2008-0520 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
3 CVE-2008-0519 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
4 CVE-2008-0518 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
5 CVE-2008-0517 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
6 CVE-2008-0516 94 Exec Code File Inclusion 2008-01-31 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
7 CVE-2008-0515 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
8 CVE-2008-0514 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
9 CVE-2008-0513 22 Dir. Trav. 2008-01-31 2018-10-15
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
10 CVE-2008-0512 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
11 CVE-2008-0511 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
12 CVE-2008-0510 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
13 CVE-2008-0507 89 Exec Code Sql 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
14 CVE-2008-0502 94 Exec Code File Inclusion 2008-01-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.
15 CVE-2008-0500 2008-01-30 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser.
16 CVE-2008-0499 89 Exec Code Sql 2008-01-30 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
17 CVE-2008-0498 89 Exec Code Sql 2008-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
18 CVE-2008-0495 DoS 2008-01-30 2017-08-08
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.
19 CVE-2008-0493 119 Exec Code Overflow 2008-01-30 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
20 CVE-2008-0491 89 Exec Code Sql 2008-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
21 CVE-2008-0490 89 Exec Code Sql 2008-01-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
22 CVE-2008-0488 22 Dir. Trav. 2008-01-30 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter.
23 CVE-2008-0487 89 Exec Code Sql 2008-01-30 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.
24 CVE-2008-0477 119 Exec Code Overflow 2008-01-29 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information.
25 CVE-2008-0470 Exec Code 2008-01-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.
26 CVE-2008-0469 89 Exec Code Sql 2008-01-29 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.
27 CVE-2008-0468 89 Exec Code Sql 2008-01-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
28 CVE-2008-0467 119 Exec Code Overflow 2008-01-29 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.
29 CVE-2008-0454 79 XSS 2008-01-25 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS."
30 CVE-2008-0451 89 Exec Code Sql 2008-01-25 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
31 CVE-2008-0450 94 Exec Code File Inclusion 2008-01-25 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/.
32 CVE-2008-0449 89 Exec Code Sql 2008-01-25 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
33 CVE-2008-0448 94 Exec Code File Inclusion 2008-01-25 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter.
34 CVE-2008-0447 89 Exec Code Sql 2008-01-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.
35 CVE-2008-0446 89 Exec Code Sql 2008-01-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
36 CVE-2008-0443 119 Exec Code Overflow 2008-01-25 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information.
37 CVE-2008-0442 94 Exec Code File Inclusion 2008-01-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
38 CVE-2008-0437 119 Exec Code Overflow 2008-01-23 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.
39 CVE-2008-0434 189 Exec Code 2008-01-23 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.
40 CVE-2008-0433 94 Exec Code File Inclusion 2008-01-23 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614.
41 CVE-2008-0430 89 Exec Code Sql 2008-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.
42 CVE-2008-0429 89 Exec Code Sql 2008-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
43 CVE-2008-0428 89 Exec Code Sql 2008-01-23 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
44 CVE-2008-0427 22 Dir. Trav. 2008-01-23 2018-10-15
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
45 CVE-2008-0424 89 Exec Code Sql 2008-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter.
46 CVE-2008-0422 89 Exec Code Sql 2008-01-23 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
47 CVE-2008-0421 89 Exec Code Sql 2008-01-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.
48 CVE-2008-0405 22 Dir. Trav. 2008-01-29 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
49 CVE-2008-0401 119 DoS Exec Code Overflow 2008-01-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.
50 CVE-2008-0396 22 Dir. Trav. 2008-01-23 2018-10-15
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
Total number of vulnerabilities : 230   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.