CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 CVE-2008-5169 89 Exec Code Sql 2008-11-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
102 CVE-2008-5168 89 Exec Code Sql 2008-11-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.
103 CVE-2008-5167 94 Exec Code File Inclusion 2008-11-19 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
104 CVE-2008-5166 89 Exec Code Sql 2008-11-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
105 CVE-2008-5165 89 Exec Code Sql 2008-11-19 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
106 CVE-2008-5164 79 XSS 2008-11-19 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) viewarticle.php and (b) viewarticle2.php and the (2) PATH_INFO to viewarticle.php.
107 CVE-2008-5163 89 Exec Code Sql 2008-11-19 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.
108 CVE-2008-5162 310 2008-11-26 2008-12-03
6.9
None Local Medium Not required Complete Complete Complete
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.
109 CVE-2008-5161 200 +Info 2008-11-19 2018-10-11
2.6
None Remote High Not required Partial None None
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IBM z/OS 5.5.1 and earlier, 6.0.0, and 6.0.1; and Client 4.0-J through 4.3.3-J and 4.0-K through 4.3.10-K; and (2) OpenSSH 4.7p1 and possibly other versions, when using a block cipher algorithm in Cipher Block Chaining (CBC) mode, makes it easier for remote attackers to recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.
110 CVE-2008-5160 DoS 2008-11-18 2017-09-29
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in MyServer 0.8.11 allows remote attackers to cause a denial of service (daemon crash) via multiple invalid requests with the HTTP GET, DELETE, OPTIONS, and possibly other methods, related to a "204 No Content error."
111 CVE-2008-5159 189 DoS Overflow Mem. Corr. 2008-11-18 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
112 CVE-2008-5158 287 Bypass 2008-11-18 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to bypass authentication and perform administrative actions via vectors involving "simply skipping the auth stage."
113 CVE-2008-5157 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
tau 2.16.4 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/makefile.tau.*.##### or (2) /tmp/makefile.tau*.##### temporary file, related to the (a) tau_cxx, (b) tau_f90, and (c) tau_cc scripts.
114 CVE-2008-5156 59 2008-11-18 2012-10-31
6.9
None Local Medium Not required Complete Complete Complete
si_mkbootserver in systemimager-server 3.6.3 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.inetd.conf or (2) /tmp/pxe.conf.*.tmp temporary file.
115 CVE-2008-5155 59 2008-11-18 2009-02-17
9.3
None Remote Medium Not required Complete Complete Complete
mail2sms.sh in smsclient 2.0.8z allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/header.##### or (2) /tmp/body.##### temporary file, or append data to arbitrary files via a symlink attack on the (3) /tmp/sms.log temporary file.
116 CVE-2008-5154 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/blue.log temporary file.
117 CVE-2008-5153 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
118 CVE-2008-5152 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.
119 CVE-2008-5151 59 2008-11-18 2008-11-18
6.9
None Local Medium Not required Complete Complete Complete
test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/err.log temporary file.
120 CVE-2008-5150 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.
121 CVE-2008-5149 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
122 CVE-2008-5148 59 2008-11-18 2008-12-03
6.9
None Local Medium Not required Complete Complete Complete
sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.
123 CVE-2008-5147 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/outer.odt temporary file.
124 CVE-2008-5146 59 2008-11-18 2008-11-18
6.9
None Local Medium Not required Complete Complete Complete
add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.
125 CVE-2008-5145 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
ltpmenu in ltp 20060918 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/runltp.mainmenu.##### temporary file.
126 CVE-2008-5144 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.
127 CVE-2008-5143 59 2008-11-18 2008-12-03
6.9
None Local Medium Not required Complete Complete Complete
mgt-helper in multi-gnome-terminal 1.6.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/*.debug or (2) /tmp/*.env temporary file.
128 CVE-2008-5142 59 2008-11-18 2012-10-31
6.9
None Local Medium Not required Complete Complete Complete
sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pr.##### temporary file.
129 CVE-2008-5141 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.
130 CVE-2008-5140 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
trend-autoupdate.new in mailscanner 4.55.10 and other versions before 4.74.16-1 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/opr.ini.##### or (2) /tmp/lpt*.zip temporary file.
131 CVE-2008-5139 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
updatejail in jailer 0.4 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file.
132 CVE-2008-5138 59 2008-11-18 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.
133 CVE-2008-5137 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
tkman in tkman 2.2 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/tkman##### or (2) /tmp/ll temporary file.
134 CVE-2008-5136 59 2008-11-18 2009-02-17
6.9
None Local Medium Not required Complete Complete Complete
tkusr in tkusr 0.82 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/tkusr.pgm temporary file.
135 CVE-2008-5135 59 2008-11-18 2008-11-18
6.2
None Local High Not required Complete Complete Complete
** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users."
136 CVE-2008-5134 119 Overflow 2008-11-18 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."
137 CVE-2008-5133 264 Bypass 2008-11-18 2017-08-08
5.8
None Remote Medium Not required None Partial Partial
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
138 CVE-2008-5132 89 Exec Code Sql 2008-11-18 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
139 CVE-2008-5131 89 Exec Code Sql 2008-11-18 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
140 CVE-2008-5130 264 +Info 2008-11-18 2017-08-08
5.0
None Remote Low Not required Partial None None
Ocean12 Calendar Manager Gold 2.04 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12cal.mdb.
141 CVE-2008-5129 264 +Info 2008-11-18 2017-08-08
5.0
None Remote Low Not required Partial None None
Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb.
142 CVE-2008-5128 264 +Info 2008-11-18 2017-08-08
5.0
None Remote Low Not required Partial None None
Ocean12 Membership Manager Pro stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12member.mdb.
143 CVE-2008-5127 264 +Info 2008-11-18 2017-09-29
5.0
None Remote Low Not required Partial None None
Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.
144 CVE-2008-5126 79 XSS 2008-11-18 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in BoutikOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
145 CVE-2008-5125 287 Bypass 2008-11-18 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
admin.php in CCleague Pro 1.2 allows remote attackers to bypass authentication by setting the type cookie value to admin.
146 CVE-2008-5124 287 2008-11-18 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to verify a new or mismatched SSH host key, which makes it easier for remote attackers to perform man-in-the-middle attacks.
147 CVE-2008-5123 89 Exec Code Sql 2008-11-18 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.
148 CVE-2008-5122 89 Exec Code Sql 2008-11-18 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.
149 CVE-2008-5121 264 +Priv 2008-11-18 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
150 CVE-2008-5120 119 Exec Code Overflow 2008-11-18 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Process Software MultiNet finger service (aka FINGERD) for HP OpenVMS 8.3 allows remote attackers to execute arbitrary code via a long request string.
Total number of vulnerabilities: 448   Page: 1 2 3 (This Page) 4 5 6 7 8 9