CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2008-3769 94 Exec Code File Inclusion 2008-08-22 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.
52 CVE-2008-3768 89 Exec Code Sql 2008-08-22 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
53 CVE-2008-3767 89 Exec Code Sql 2008-08-22 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
54 CVE-2008-3766 20 DoS 2008-08-22 2017-08-07
5.0
None Remote Low Not required None None Partial
Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages.
55 CVE-2008-3765 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
56 CVE-2008-3764 94 Exec Code 2008-08-21 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.
57 CVE-2008-3763 20 2008-08-21 2018-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when register_globals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file.
58 CVE-2008-3762 89 Exec Code Sql 2008-08-21 2018-10-11
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
59 CVE-2008-3761 20 DoS 2008-08-21 2017-09-28
4.9
None Local Low Not required None None Complete
hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 and earlier, VMware ACE 2.5.1 and earlier, and VMware Server 1.0.x before 1.0.9 build 156507 and 2.0.x before 2.0.1 build 156745 uses the METHOD_NEITHER communication method for IOCTLs, which allows local users to cause a denial of service via a crafted IOCTL request.
60 CVE-2008-3760 352 CSRF 2008-08-21 2017-08-07
4.3
None Remote Medium Not required None None Partial
Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php.
61 CVE-2008-3759 352 CSRF 2008-08-21 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors.
62 CVE-2008-3758 79 XSS 2008-08-21 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.
63 CVE-2008-3757 89 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
64 CVE-2008-3756 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
65 CVE-2008-3755 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
66 CVE-2008-3754 89 Exec Code Sql 2008-08-21 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
67 CVE-2008-3753 89 Exec Code Sql 2008-08-21 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
68 CVE-2008-3752 89 Exec Code Sql 2008-08-21 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
69 CVE-2008-3751 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
70 CVE-2008-3750 89 1 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
71 CVE-2008-3749 89 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
72 CVE-2008-3748 89 Exec Code Sql 2008-08-21 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
73 CVE-2008-3747 264 2008-08-27 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.
74 CVE-2008-3746 DoS 2008-08-27 2017-08-07
4.3
None Remote Medium Not required None None Partial
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
75 CVE-2008-3745 264 2008-08-27 2017-08-07
5.5
None Remote Low Single system None Partial Partial
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors.
76 CVE-2008-3744 352 CSRF 2008-08-27 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules.
77 CVE-2008-3743 352 CSRF 2008-08-27 2017-08-07
5.8
None Remote Medium Not required None Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements.
78 CVE-2008-3742 264 Exec Code 2008-08-27 2017-08-07
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.
79 CVE-2008-3741 79 XSS 2008-08-27 2017-08-07
3.5
None Remote Medium Single system None Partial None
The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML.
80 CVE-2008-3740 79 XSS 2008-08-27 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
81 CVE-2008-3739 79 XSS 2008-08-27 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences.
82 CVE-2008-3738 287 2008-08-27 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
83 CVE-2008-3737 94 2008-08-27 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact.
84 CVE-2008-3736 352 CSRF 2008-08-27 2017-08-07
6.0
User Remote Medium Single system Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.
85 CVE-2008-3735 79 1 XSS 2008-08-20 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.
86 CVE-2008-3734 134 DoS Exec Code 2008-08-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
87 CVE-2008-3733 119 DoS Exec Code Overflow 2008-08-20 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
88 CVE-2008-3732 189 DoS Exec Code Overflow 2008-08-20 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
89 CVE-2008-3731 DoS 2008-08-20 2017-08-07
4.0
None Remote Low Single system None None Partial
Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation and logging.
90 CVE-2008-3730 79 XSS 2008-08-20 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
91 CVE-2008-3729 287 Bypass 2008-08-20 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie.
92 CVE-2008-3728 264 2008-08-20 2017-08-07
5.0
None Remote Low Not required Partial None None
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error messages via direct requests to files under LOG/.
93 CVE-2008-3727 22 Dir. Trav. 2008-08-20 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
94 CVE-2008-3726 79 XSS 2008-08-20 2017-08-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.
95 CVE-2008-3725 89 Exec Code Sql 2008-08-20 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
96 CVE-2008-3724 89 Exec Code Sql 2008-08-20 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.
97 CVE-2008-3723 22 1 Dir. Trav. 2008-08-20 2017-08-07
6.3
None Remote Medium Single system Complete None None
Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in the id parameter in an admin.templates.edittemplate action. NOTE: some of these details are obtained from third party information.
98 CVE-2008-3722 89 Exec Code Sql 2008-08-20 2017-08-07
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
99 CVE-2008-3721 94 Exec Code File Inclusion 2008-08-20 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
100 CVE-2008-3720 89 Exec Code Sql 2008-08-20 2017-09-28
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
Total number of vulnerabilities: 367 (page 2 of 8)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.