| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
80001 |
CVE-2008-6105 |
79 |
|
XSS |
2009-02-10 |
2009-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. |
|
80002 |
CVE-2008-6104 |
89 |
|
Exec Code Sql |
2009-02-10 |
2009-02-26 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php. |
|
80003 |
CVE-2008-6103 |
94 |
1
|
Exec Code File Inclusion |
2009-02-10 |
2017-08-07 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter. |
|
80004 |
CVE-2008-6102 |
89 |
|
Exec Code Sql |
2009-02-10 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter. |
|
80005 |
CVE-2008-6101 |
89 |
|
Exec Code Sql |
2009-02-10 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter. |
|
80006 |
CVE-2008-6100 |
89 |
|
Exec Code Sql |
2009-02-10 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php. |
|
80007 |
CVE-2008-6099 |
94 |
|
Exec Code File Inclusion |
2009-02-10 |
2018-10-11 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter. |
|
80008 |
CVE-2008-6098 |
264 |
|
Bypass |
2009-02-09 |
2017-08-07 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to "approve." |
|
80009 |
CVE-2008-6097 |
79 |
|
XSS |
2009-02-09 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php. |
|
80010 |
CVE-2008-6096 |
79 |
|
XSS |
2009-02-09 |
2009-02-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page. |
|
80011 |
CVE-2008-6095 |
79 |
|
XSS |
2009-02-09 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter. |
|
80012 |
CVE-2008-6094 |
79 |
|
XSS |
2009-02-09 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technologies Celoxis allows remote attackers to inject arbitrary web script or HTML via the ni.smessage parameter. |
|
80013 |
CVE-2008-6093 |
89 |
|
Exec Code Sql |
2009-02-09 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action. |
|
80014 |
CVE-2008-6092 |
287 |
|
Bypass |
2009-02-09 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
phpscripts Ranking Script allows remote attackers to bypass authentication and gain administrative access by sending an admin=ja cookie. |
|
80015 |
CVE-2008-6091 |
89 |
|
Exec Code Sql |
2009-02-09 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter. |
|
80016 |
CVE-2008-6090 |
22 |
|
Dir. Trav. |
2009-02-06 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action. |
|
80017 |
CVE-2008-6089 |
22 |
|
Dir. Trav. |
2009-02-06 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in main.php in ScriptsEz Easy Image Downloader allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a download action. |
|
80018 |
CVE-2008-6088 |
89 |
|
Exec Code Sql |
2009-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php. |
|
80019 |
CVE-2008-6087 |
79 |
|
XSS |
2009-02-06 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter. |
|
80020 |
CVE-2008-6086 |
89 |
|
Exec Code Sql |
2009-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355. |
|
80021 |
CVE-2008-6085 |
189 |
|
Exec Code Overflow |
2009-02-06 |
2017-08-07 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow. |
|
80022 |
CVE-2008-6084 |
20 |
|
Exec Code |
2009-02-06 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory. |
|
80023 |
CVE-2008-6083 |
22 |
|
Dir. Trav. |
2009-02-06 |
2018-10-11 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in header.php in TXTshop beta 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. |
|
80024 |
CVE-2008-6082 |
399 |
|
DoS |
2009-02-06 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command. |
|
80025 |
CVE-2008-6081 |
89 |
|
Exec Code Sql |
2009-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
80026 |
CVE-2008-6080 |
22 |
|
Dir. Trav. |
2009-02-06 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
|
80027 |
CVE-2008-6079 |
|
|
Overflow |
2009-02-06 |
2017-08-07 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows." |
|
80028 |
CVE-2008-6078 |
89 |
|
Exec Code Sql |
2009-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php. |
|
80029 |
CVE-2008-6077 |
89 |
|
Exec Code Sql |
2009-02-06 |
2017-09-28 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action. |
|
80030 |
CVE-2008-6076 |
89 |
|
Exec Code Sql |
2009-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
|
80031 |
CVE-2008-6075 |
89 |
|
Exec Code Sql |
2009-02-06 |
2017-08-07 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
80032 |
CVE-2008-6074 |
22 |
|
Dir. Trav. |
2009-02-06 |
2018-10-11 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in frame.php in phpcrs 2.06 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the importFunction parameter. |
|
80033 |
CVE-2008-6073 |
310 |
|
+Info |
2009-02-10 |
2017-08-07 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
StorageCrypt 2.0.1 does not properly encrypt disks, which allows local users to obtain sensitive information via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
80034 |
CVE-2008-6072 |
|
|
DoS |
2009-02-10 |
2009-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images. |
|
80035 |
CVE-2008-6071 |
119 |
|
DoS Exec Code Overflow |
2009-02-10 |
2017-08-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information. |
|
80036 |
CVE-2008-6070 |
119 |
|
DoS Exec Code Overflow |
2009-02-10 |
2017-08-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information. |
|
80037 |
CVE-2008-6069 |
89 |
|
Exec Code Sql |
2009-02-10 |
2018-10-11 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. |
|
80038 |
CVE-2008-6068 |
89 |
|
Exec Code Sql |
2009-02-10 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php. |
|
80039 |
CVE-2008-6066 |
94 |
|
Exec Code File Inclusion |
2009-02-04 |
2017-08-07 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
80040 |
CVE-2008-6065 |
264 |
|
+Priv |
2009-02-04 |
2018-10-30 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141. |
|
80041 |
CVE-2008-6064 |
89 |
|
Exec Code Sql |
2009-02-04 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors. |
|
80042 |
CVE-2008-6063 |
200 |
|
+Info |
2009-02-04 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name. |
|
80043 |
CVE-2008-6062 |
79 |
|
XSS |
2009-02-04 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637. |
|
80044 |
CVE-2008-6061 |
79 |
|
XSS |
2009-02-04 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter. |
|
80045 |
CVE-2008-6060 |
79 |
|
XSS |
2009-02-04 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter. |
|
80046 |
CVE-2008-6059 |
264 |
|
+Info |
2009-02-04 |
2017-08-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. |
|
80047 |
CVE-2008-6058 |
20 |
|
DoS |
2009-02-04 |
2009-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet. |
|
80048 |
CVE-2008-6057 |
264 |
|
|
2009-02-04 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
|
80049 |
CVE-2008-6056 |
79 |
|
XSS |
2009-02-04 |
2018-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx. |
|
80050 |
CVE-2008-6055 |
264 |
|
|
2009-02-04 |
2009-02-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PreProjects Pre Classified Listings stores pclasp.mdb under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request. |
