CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2008-3430 119 1 Exec Code Overflow 2008-07-31 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
2 CVE-2008-3429 119 DoS Exec Code Overflow 2008-07-31 2008-10-01
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.
3 CVE-2008-3428 287 2008-07-31 2008-09-10
6.5
User Remote Low Single system Partial Partial Partial
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
4 CVE-2008-3426 DoS 2008-07-31 2008-09-10
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.
5 CVE-2008-3425 287 2008-07-31 2008-09-10
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.
6 CVE-2008-3424 264 Bypass 2008-07-31 2008-10-07
7.5
User Remote Low Not required Partial Partial Partial
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
7 CVE-2008-3422 79 XSS 2008-07-31 2009-09-02
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).
8 CVE-2008-3421 352 CSRF 2008-07-31 2009-04-02
4.3
None Remote Medium Not required None Partial None
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.
9 CVE-2008-3420 89 1 Exec Code Sql 2008-07-31 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
10 CVE-2008-3419 89 1 Exec Code Sql 2008-07-31 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
11 CVE-2008-3418 89 1 Exec Code Sql 2008-07-31 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 CVE-2008-3417 89 1 Exec Code Sql 2008-07-31 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.
13 CVE-2008-3416 89 1 Exec Code Sql 2008-07-31 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
14 CVE-2008-3415 22 1 Dir. Trav. 2008-07-31 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
15 CVE-2008-3414 89 1 Exec Code Sql 2008-07-31 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
16 CVE-2008-3413 89 1 Exec Code Sql 2008-07-31 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
17 CVE-2008-3412 89 1 Exec Code Sql 2008-07-31 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
18 CVE-2008-3411 287 2008-07-31 2009-01-29
10.0
Admin Remote Low Not required Complete Complete Complete
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
19 CVE-2008-3410 399 DoS 2008-07-31 2008-09-10
5.0
None Remote Low Not required None None Partial
Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a UDP packet in which the value of a certain size field is greater than the total packet length, aka attack 2 in ut3mendo.c.
20 CVE-2008-3409 119 DoS Exec Code Overflow Mem. Corr. 2008-07-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c.
21 CVE-2008-3408 119 2 Exec Code Overflow 2008-07-31 2011-01-26
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
22 CVE-2008-3407 287 1 Bypass 2008-07-31 2009-01-29
5.0
None Remote Low Not required Partial None None
phpLinkat 0.1 allows remote attackers to bypass authentication and access unspecified pages under admin/ by sending a login=right cookie.
23 CVE-2008-3406 89 1 Exec Code Sql 2008-07-31 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
24 CVE-2008-3405 22 1 Dir. Trav. 2008-07-31 2009-01-29
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.
25 CVE-2008-3404 79 XSS 2008-07-31 2009-05-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.
26 CVE-2008-3403 89 1 Exec Code Sql 2008-07-31 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
27 CVE-2008-3402 94 1 Exec Code File Inclusion 2008-07-31 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
28 CVE-2008-3401 94 1 Exec Code File Inclusion 2008-07-31 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
29 CVE-2008-3400 200 1 +Info 2008-07-31 2009-08-19
4.3
None Remote Medium Not required Partial None None
XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function.
30 CVE-2008-3399 94 1 Exec Code File Inclusion 2008-07-31 2009-01-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
31 CVE-2008-3398 79 1 XSS 2008-07-31 2009-01-29
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.
32 CVE-2008-3397 79 XSS 2008-07-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie.
33 CVE-2008-3396 20 DoS 2008-07-31 2009-02-26
5.0
None Remote Low Not required None None Partial
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
34 CVE-2008-3395 264 +Info 2008-07-31 2008-09-10
5.0
None Remote Low Not required Partial None None
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
35 CVE-2008-3394 79 XSS 2008-07-31 2009-02-26
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters.
36 CVE-2008-3393 89 Exec Code Sql 2008-07-31 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.
37 CVE-2008-3392 352 CSRF 2008-07-31 2008-09-05
5.8
None Remote Medium Not required None Partial Partial
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
38 CVE-2008-3391 79 XSS 2008-07-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
39 CVE-2008-3390 22 1 Dir. Trav. 2008-07-31 2009-01-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
40 CVE-2008-3388 89 Exec Code Sql 2008-07-30 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
41 CVE-2008-3387 89 1 Exec Code Sql 2008-07-30 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
42 CVE-2008-3386 89 1 Exec Code Sql 2008-07-30 2009-08-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
43 CVE-2008-3385 22 1 Dir. Trav. File Inclusion 2008-07-30 2009-08-19
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
44 CVE-2008-3384 22 1 Dir. Trav. 2008-07-30 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
45 CVE-2008-3383 89 1 Exec Code Sql 2008-07-30 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.
46 CVE-2008-3382 89 1 Exec Code Sql 2008-07-30 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
47 CVE-2008-3381 79 XSS 2008-07-30 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
48 CVE-2008-3380 79 XSS 2008-07-30 2009-01-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter.
49 CVE-2008-3379 79 XSS 2008-07-30 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
50 CVE-2008-3378 89 1 Exec Code Sql 2008-07-30 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
Total number of vulnerabilities: 517 (page 1 of 11)