| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
81901 |
CVE-2008-4096 |
20 |
|
Exec Code |
2008-09-18 |
2017-08-07 |
8.5 |
None |
Remote |
Medium |
Single system |
Complete |
Complete |
Complete |
|
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. |
|
81902 |
CVE-2008-4095 |
|
|
|
2008-09-16 |
2017-08-07 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713. |
|
81903 |
CVE-2008-4094 |
89 |
|
Exec Code Sql |
2008-09-30 |
2019-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. |
|
81904 |
CVE-2008-4093 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. |
|
81905 |
CVE-2008-4092 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. |
|
81906 |
CVE-2008-4091 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. |
|
81907 |
CVE-2008-4090 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672. |
|
81908 |
CVE-2008-4089 |
79 |
|
XSS |
2008-09-15 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. |
|
81909 |
CVE-2008-4088 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
|
81910 |
CVE-2008-4087 |
119 |
|
DoS Exec Code Overflow |
2008-09-15 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field. |
|
81911 |
CVE-2008-4086 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. |
|
81912 |
CVE-2008-4085 |
59 |
|
|
2008-09-15 |
2017-08-07 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/. |
|
81913 |
CVE-2008-4084 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. |
|
81914 |
CVE-2008-4082 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
4.6 |
User |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. |
|
81915 |
CVE-2008-4081 |
287 |
|
Bypass |
2008-09-15 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
admin/login.php in Stash 1.0.3 allows remote attackers to bypass authentication and gain administrative access by setting a bsm cookie. |
|
81916 |
CVE-2008-4080 |
89 |
|
Exec Code Sql |
2008-09-15 |
2018-10-11 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information. |
|
81917 |
CVE-2008-4079 |
79 |
|
XSS |
2008-09-15 |
2008-09-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
81918 |
CVE-2008-4078 |
89 |
|
Exec Code Sql |
2008-09-15 |
2018-10-11 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
|
81919 |
CVE-2008-4077 |
399 |
|
DoS |
2008-09-15 |
2018-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length. |
|
81920 |
CVE-2008-4076 |
79 |
|
XSS |
2008-09-15 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917. |
|
81921 |
CVE-2008-4075 |
22 |
|
Dir. Trav. |
2008-09-15 |
2017-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in index.php in D-iscussion Board 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the topic parameter. |
|
81922 |
CVE-2008-4074 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
|
81923 |
CVE-2008-4073 |
89 |
|
Exec Code Sql |
2008-09-15 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. |
|
81924 |
CVE-2008-4072 |
89 |
|
Exec Code Sql |
2008-09-15 |
2018-10-11 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. |
|
81925 |
CVE-2008-4071 |
20 |
|
DoS |
2008-09-15 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL. |
|
81926 |
CVE-2008-4070 |
119 |
|
DoS Exec Code Overflow |
2008-09-27 |
2017-09-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." |
|
81927 |
CVE-2008-4069 |
200 |
|
+Info |
2008-09-24 |
2017-09-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. |
|
81928 |
CVE-2008-4068 |
22 |
|
Dir. Trav. Bypass +Info |
2008-09-24 |
2018-11-01 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. |
|
81929 |
CVE-2008-4067 |
22 |
|
Dir. Trav. |
2008-09-24 |
2018-11-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. |
|
81930 |
CVE-2008-4066 |
79 |
|
XSS Bypass |
2008-09-24 |
2017-09-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug." |
|
81931 |
CVE-2008-4065 |
79 |
|
Exec Code XSS Bypass |
2008-09-24 |
2018-11-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." |
|
81932 |
CVE-2008-4064 |
399 |
|
DoS Exec Code Overflow Mem. Corr. |
2008-09-24 |
2017-09-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. |
|
81933 |
CVE-2008-4063 |
|
|
DoS Exec Code Mem. Corr. |
2008-09-24 |
2017-09-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. |
|
81934 |
CVE-2008-4062 |
399 |
|
DoS Exec Code Mem. Corr. |
2008-09-24 |
2018-11-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. |
|
81935 |
CVE-2008-4061 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2008-09-24 |
2018-11-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. |
|
81936 |
CVE-2008-4060 |
264 |
|
Exec Code |
2008-09-24 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. |
|
81937 |
CVE-2008-4059 |
264 |
|
Exec Code |
2008-09-24 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. |
|
81938 |
CVE-2008-4058 |
264 |
|
Exec Code |
2008-09-24 |
2018-11-01 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. |
|
81939 |
CVE-2008-4057 |
|
|
|
2008-09-11 |
2017-08-07 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Objective Development Sharity 3 before 3.5 has unknown impact and attack vectors, related to a "serious security problem." |
|
81940 |
CVE-2008-4056 |
79 |
|
XSS |
2008-09-11 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
81941 |
CVE-2008-4055 |
89 |
|
Exec Code Sql |
2008-09-11 |
2008-09-12 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. |
|
81942 |
CVE-2008-4054 |
89 |
|
Exec Code Sql |
2008-09-11 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
81943 |
CVE-2008-4053 |
79 |
|
XSS |
2008-09-11 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters. |
|
81944 |
CVE-2008-4052 |
119 |
|
DoS Overflow +Priv |
2008-09-11 |
2017-08-07 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors. |
|
81945 |
CVE-2008-4051 |
79 |
|
XSS |
2008-09-11 |
2017-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
81946 |
CVE-2008-4050 |
20 |
|
|
2008-09-11 |
2017-09-28 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. |
|
81947 |
CVE-2008-4049 |
20 |
|
|
2008-09-11 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary programs via arguments to the RunApp method. |
|
81948 |
CVE-2008-4048 |
119 |
|
Exec Code Overflow |
2008-09-11 |
2017-09-28 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method. |
|
81949 |
CVE-2008-4047 |
94 |
|
Exec Code |
2008-09-11 |
2017-08-07 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515. |
|
81950 |
CVE-2008-4046 |
89 |
|
Exec Code Sql |
2008-09-11 |
2017-08-07 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
