CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13951 CVE-2008-3682 89 Exec Code Sql 2008-08-14 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
13952 CVE-2008-3677 22 Dir. Trav. 2008-08-14 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in includes/events_application_top.php in Freeway before 1.4.2.197 allows remote attackers to include and execute arbitrary local files via unspecified vectors.
13953 CVE-2008-3670 89 Exec Code Sql 2008-08-13 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
13954 CVE-2008-3667 119 Exec Code Overflow 2008-08-13 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows remote attackers to execute arbitrary code via a long Content-type HTTP header.
13955 CVE-2008-3659 119 DoS Exec Code Overflow 2008-08-14 2018-10-11
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.
13956 CVE-2008-3649 89 Exec Code Sql 2008-08-12 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
13957 CVE-2008-3646 362 2008-10-10 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
13958 CVE-2008-3640 189 Exec Code Overflow 2008-10-14 2018-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.
13959 CVE-2008-3630 2008-09-10 2018-10-30
6.4
None Remote Low Not required None Partial Partial
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
13960 CVE-2008-3626 119 DoS Exec Code Overflow Mem. Corr. 2008-09-10 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
13961 CVE-2008-3624 119 DoS Exec Code Overflow 2008-09-10 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.
13962 CVE-2008-3614 189 DoS Exec Code Overflow 2008-09-10 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
13963 CVE-2008-3613 399 DoS 2008-09-16 2017-08-07
6.1
None Local Network Low Not required None None Complete
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.
13964 CVE-2008-3611 287 Bypass 2008-09-16 2017-08-07
6.3
None Local Medium Not required None Complete Complete
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
13965 CVE-2008-3606 119 DoS Exec Code Overflow 2008-08-12 2018-10-11
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information.
13966 CVE-2008-3605 264 2008-08-12 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, when the Re-use Threshold for passwords is nonzero, allows remote attackers to conduct offline brute force attacks via unknown vectors.
13967 CVE-2008-3600 22 Dir. Trav. 2008-08-12 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.
13968 CVE-2008-3582 89 Exec Code Sql 2008-08-10 2018-10-11
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
13969 CVE-2008-3561 89 Exec Code Sql 2008-08-10 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.
13970 CVE-2008-3555 22 Dir. Trav. 2008-08-08 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 and earlier, (2) Gallery 4.1.30 and earlier, (3) Knowledge Base (WSNKB) 4.1.36 and earlier, (4) Links 4.1.44 and earlier, and possibly (5) Classifieds before 4.1.30 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the TID parameter, as demonstrated by uploading a .jpg file containing PHP sequences.
13971 CVE-2008-3532 310 2008-08-08 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.
13972 CVE-2008-3531 119 Overflow +Priv 2008-09-05 2017-08-07
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of "user defined data" in "certain error conditions."
13973 CVE-2008-3497 89 Exec Code Sql 2008-08-06 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
13974 CVE-2008-3490 89 Exec Code Sql 2008-08-06 2017-09-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.
13975 CVE-2008-3456 59 2008-08-04 2017-08-07
6.4
None Remote Low Not required None Partial Partial
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.
13976 CVE-2008-3452 89 Exec Code Sql 2008-08-04 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
13977 CVE-2008-3446 22 Dir. Trav. 2008-08-04 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
13978 CVE-2008-3432 119 Exec Code Overflow 2008-10-10 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.
13979 CVE-2008-3429 119 DoS Exec Code Overflow 2008-07-31 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.
13980 CVE-2008-3428 287 2008-07-31 2017-08-07
6.5
User Remote Low Single system Partial Partial Partial
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
13981 CVE-2008-3425 287 2008-07-31 2017-08-07
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors.
13982 CVE-2008-3408 119 1 Exec Code Overflow 2008-07-31 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
13983 CVE-2008-3405 22 Dir. Trav. 2008-07-31 2017-09-28
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter.
13984 CVE-2008-3399 94 Exec Code File Inclusion 2008-07-31 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
13985 CVE-2008-3390 22 Dir. Trav. 2008-07-31 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
13986 CVE-2008-3385 22 Dir. Trav. File Inclusion 2008-07-30 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
13987 CVE-2008-3368 94 Exec Code File Inclusion 2008-07-30 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
13988 CVE-2008-3365 22 Dir. Trav. 2008-07-30 2018-10-11
6.8
User Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
13989 CVE-2008-3345 89 Exec Code Sql 2008-07-28 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
13990 CVE-2008-3339 200 +Info 2008-07-28 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.
13991 CVE-2008-3337 20 2008-08-08 2017-08-07
6.4
None Remote Low Not required None Partial Partial
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
13992 CVE-2008-3332 94 Exec Code 2008-07-27 2017-09-28
6.5
User Remote Low Single system Partial Partial Partial
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
13993 CVE-2008-3325 352 +Priv CSRF 2008-07-25 2018-11-01
6.0
User Remote Medium Single system Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
13994 CVE-2008-3312 22 Dir. Trav. 2008-07-25 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor.
13995 CVE-2008-3308 94 Exec Code File Inclusion 2008-07-25 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.
13996 CVE-2008-3303 264 Bypass 2008-07-25 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
13997 CVE-2008-3302 89 Exec Code Sql 2008-07-25 2017-09-28
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
13998 CVE-2008-3298 94 Exec Code 2008-07-25 2018-10-11
6.0
None Remote Medium Single system Partial Partial Partial
SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
13999 CVE-2008-3292 287 +Priv Bypass 2008-07-24 2017-09-28
6.4
None Remote Low Not required Partial Partial None
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
14000 CVE-2008-3279 264 +Priv 2010-04-05 2017-09-28
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.