CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2008 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-3861 89 Exec Code Sql 2008-08-29 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.
2 CVE-2008-3856 264 2008-08-28 2017-08-07
7.5
None Remote Low Not required Partial Partial Partial
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.
3 CVE-2008-3854 119 DoS Overflow 2008-08-28 2018-10-11
7.8
None Remote Low Not required None None Complete
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.
4 CVE-2008-3853 119 DoS Exec Code Overflow 2008-08-28 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676.
5 CVE-2008-3852 264 Exec Code 2008-08-28 2018-10-11
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors.
6 CVE-2008-3848 89 Exec Code Sql 2008-08-27 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
7 CVE-2008-3845 89 Exec Code Sql 2008-08-27 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
8 CVE-2008-3844 20 2008-08-27 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
9 CVE-2008-3838 20 DoS 2008-08-27 2017-08-07
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service.
10 CVE-2008-3795 119 Overflow 2008-08-27 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."
11 CVE-2008-3794 189 Exec Code Overflow Bypass 2008-08-26 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.
12 CVE-2008-3788 89 1 Exec Code Sql 2008-08-26 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.
13 CVE-2008-3787 89 Exec Code Sql 2008-08-26 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
14 CVE-2008-3785 89 Exec Code Sql 2008-08-26 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
15 CVE-2008-3784 89 Exec Code Sql 2008-08-26 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
16 CVE-2008-3783 89 Exec Code Sql 2008-08-26 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.
17 CVE-2008-3780 89 Exec Code Sql 2008-08-26 2017-09-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
18 CVE-2008-3778 264 DoS +Priv 2008-08-25 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request.
19 CVE-2008-3774 89 1 Exec Code Sql 2008-08-22 2017-08-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
20 CVE-2008-3772 89 Exec Code Sql 2008-08-22 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
21 CVE-2008-3770 22 Dir. Trav. 2008-08-22 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/events_application_top.php; (2) english/account.php, (3) french/account.php, and (4) french/account_newsletters.php in includes/languages/; (5) includes/modules/faqdesk/faqdesk_article_require.php; (6) includes/modules/newsdesk/newsdesk_article_require.php; (7) card1.php, (8) loginbox.php, and (9) whos_online.php in templates/Freeway/boxes/; and (10) templates/Freeway/mainpage_modules/mainpage.php. NOTE: vector 1 may be the same as CVE-2008-3677.
22 CVE-2008-3769 94 Exec Code File Inclusion 2008-08-22 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.
23 CVE-2008-3768 89 Exec Code Sql 2008-08-22 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
24 CVE-2008-3767 89 Exec Code Sql 2008-08-22 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
25 CVE-2008-3765 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
26 CVE-2008-3764 94 Exec Code 2008-08-21 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.
27 CVE-2008-3763 20 2008-08-21 2018-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
28 CVE-2008-3762 89 Exec Code Sql 2008-08-21 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
29 CVE-2008-3759 352 CSRF 2008-08-21 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
30 CVE-2008-3757 89 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
31 CVE-2008-3756 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
32 CVE-2008-3755 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
33 CVE-2008-3754 89 Exec Code Sql 2008-08-21 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
34 CVE-2008-3753 89 Exec Code Sql 2008-08-21 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
35 CVE-2008-3752 89 Exec Code Sql 2008-08-21 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
36 CVE-2008-3751 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
37 CVE-2008-3750 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
38 CVE-2008-3749 89 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
39 CVE-2008-3748 89 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
40 CVE-2008-3747 264 2008-08-27 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
41 CVE-2008-3742 264 Exec Code 2008-08-27 2017-08-07
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
42 CVE-2008-3738 287 2008-08-27 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
43 CVE-2008-3737 94 2008-08-27 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact.
44 CVE-2008-3736 352 CSRF 2008-08-27 2017-08-07
6.0
User Remote Medium Single system Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.
45 CVE-2008-3734 134 DoS Exec Code 2008-08-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
46 CVE-2008-3733 119 DoS Exec Code Overflow 2008-08-20 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
47 CVE-2008-3732 189 DoS Exec Code Overflow 2008-08-20 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
48 CVE-2008-3729 287 Bypass 2008-08-20 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
49 CVE-2008-3725 89 Exec Code Sql 2008-08-20 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
50 CVE-2008-3724 89 Exec Code Sql 2008-08-20 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.
Total number of vulnerabilities : 234   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.