CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 CVE-2008-2833 287 Bypass 2008-06-24 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
admin/upload.php in le.cms 1.4 and earlier allows remote attackers to bypass administrative authentication, and upload and execute arbitrary files in images/, via a nonzero value for the submit0 parameter in conjunction with filenames in the filename and upload parameters.
102 CVE-2008-2832 94 Exec Code 2008-06-24 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
103 CVE-2008-2830 264 +Priv 2008-06-23 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent.
104 CVE-2008-2829 119 DoS Exec Code Overflow 2008-06-23 2019-10-09
5.0
None Remote Low Not required None None Partial
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function.
105 CVE-2008-2828 119 DoS Exec Code Overflow 2008-06-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field.
106 CVE-2008-2827 264 2008-06-23 2017-08-08
4.6
None Local Low Not required Partial Partial Partial
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
107 CVE-2008-2825 79 XSS 2008-06-23 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
108 CVE-2008-2824 264 2008-06-23 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors.
109 CVE-2008-2823 89 Exec Code Sql 2008-06-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
110 CVE-2008-2822 22 Dir. Trav. 2008-06-23 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command.
111 CVE-2008-2821 22 Dir. Trav. 2008-06-23 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
112 CVE-2008-2820 22 Dir. Trav. 2008-06-23 2018-10-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
113 CVE-2008-2819 89 Exec Code Sql 2008-06-23 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
114 CVE-2008-2818 22 Dir. Trav. 2008-06-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the section parameter to the default URI.
115 CVE-2008-2817 89 Exec Code Sql 2008-06-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.
116 CVE-2008-2816 89 Exec Code Sql 2008-06-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.
117 CVE-2008-2815 89 Exec Code Sql 2008-06-23 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter.
118 CVE-2008-2814 79 XSS 2008-06-23 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast Admin Panel 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter to the login interface. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
119 CVE-2008-2813 22 Dir. Trav. 2008-06-23 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in WallCity-Server Shoutcast Admin Panel 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
120 CVE-2008-2797 79 XSS 2008-06-20 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
121 CVE-2008-2796 89 Exec Code Sql 2008-06-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
122 CVE-2008-2795 22 Dir. Trav. 2008-06-20 2017-08-08
4.3
None Remote Medium Not required None Partial None
Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command.
123 CVE-2008-2794 264 +Priv 2008-06-20 2017-08-08
6.8
None Local Low ??? Complete Complete Complete
Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors.
124 CVE-2008-2793 89 Exec Code Sql 2008-06-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
125 CVE-2008-2792 89 Exec Code Sql 2008-06-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.
126 CVE-2008-2791 89 Exec Code Sql 2008-06-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
127 CVE-2008-2790 89 Exec Code Sql 2008-06-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
128 CVE-2008-2789 89 1 Exec Code Sql 2008-06-20 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
129 CVE-2008-2788 79 XSS 2008-06-20 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
130 CVE-2008-2787 79 XSS 2008-06-20 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
131 CVE-2008-2786 119 Overflow 2008-06-19 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.
132 CVE-2008-2785 189 Exec Code Overflow 2008-06-19 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
133 CVE-2008-2784 264 2008-06-19 2017-08-08
6.4
None Remote Low Not required None Partial Partial
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command.
134 CVE-2008-2783 79 XSS 2008-06-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
135 CVE-2008-2782 22 Dir. Trav. 2008-06-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php.
136 CVE-2008-2781 89 Exec Code Sql 2008-06-19 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.
137 CVE-2008-2780 310 2008-06-19 2017-08-08
6.4
None Remote Low Not required Partial Partial None
The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file.
138 CVE-2008-2779 22 Exec Code Dir. Trav. 2008-06-19 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
139 CVE-2008-2778 89 Exec Code Sql 2008-06-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.
140 CVE-2008-2777 79 XSS 2008-06-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
141 CVE-2008-2776 79 XSS 2008-06-19 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
142 CVE-2008-2775 89 Exec Code Sql 2008-06-19 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
143 CVE-2008-2774 89 Exec Code Sql 2008-06-19 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
144 CVE-2008-2773 79 XSS 2008-06-18 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
145 CVE-2008-2772 94 Exec Code 2008-06-18 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."
146 CVE-2008-2771 264 Bypass 2008-06-18 2017-08-08
5.0
None Remote Low Not required None Partial None
The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.
147 CVE-2008-2770 89 Exec Code Sql 2008-06-18 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
148 CVE-2008-2769 94 Exec Code File Inclusion 2008-06-18 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.
149 CVE-2008-2768 79 XSS 2008-06-18 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors ("all fields").
150 CVE-2008-2767 89 Exec Code Sql 2008-06-18 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
Total number of vulnerabilities: 435 (page 3 of 9)