CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14251 CVE-2008-0672 20 DoS 2008-02-11 2018-10-15
5.0
None Remote Low Not required None None Partial
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
14252 CVE-2008-0644 XSS Bypass 2008-03-11 2017-08-07
5.0
None Remote Low Not required None Partial None
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
14253 CVE-2008-0636 200 +Info 2008-02-12 2018-10-15
5.0
None Remote Low Not required Partial None None
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
14254 CVE-2008-0613 59 2008-02-06 2018-10-15
5.0
None Remote Low Not required None Partial None
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
14255 CVE-2008-0608 119 DoS Overflow 2008-02-06 2018-10-15
5.0
None Remote Low Not required None None Partial
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
14256 CVE-2008-0597 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
14257 CVE-2008-0596 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
14258 CVE-2008-0594 2008-02-08 2018-10-15
5.0
None Remote Low Not required None Partial None
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
14259 CVE-2008-0570 20 2008-02-04 2008-10-11
5.0
None Remote Low Not required None Partial None
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
14260 CVE-2008-0559 22 Dir. Trav. 2008-02-04 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
14261 CVE-2008-0549 189 DoS Overflow 2008-02-01 2017-08-07
5.0
None Remote Low Not required None None Partial
Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag.
14262 CVE-2008-0548 189 DoS 2008-02-01 2017-08-07
5.0
None Remote Low Not required None None Partial
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails.
14263 CVE-2008-0542 22 Dir. Trav. 2008-02-01 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
14264 CVE-2008-0521 22 Dir. Trav. 2008-01-31 2017-09-28
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
14265 CVE-2008-0501 22 Dir. Trav. 2008-01-30 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
14266 CVE-2008-0489 22 Dir. Trav. 2008-01-30 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
14267 CVE-2008-0481 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
14268 CVE-2008-0480 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
14269 CVE-2008-0479 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
14270 CVE-2008-0475 20 +Info 2008-01-29 2017-08-07
5.0
None Remote Low Not required Partial None None
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14271 CVE-2008-0466 287 Dir. Trav. 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
14272 CVE-2008-0465 22 Dir. Trav. 2008-01-25 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
14273 CVE-2008-0464 22 Dir. Trav. 2008-01-25 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
14274 CVE-2008-0452 22 Dir. Trav. 2008-01-24 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
14275 CVE-2008-0445 DoS 2008-01-24 2017-08-07
5.0
None Remote Low Not required None None Partial
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
14276 CVE-2008-0440 255 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
14277 CVE-2008-0435 22 Dir. Trav. 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
14278 CVE-2008-0431 22 Dir. Trav. 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
14279 CVE-2008-0425 264 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
14280 CVE-2008-0410 287 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
14281 CVE-2008-0407 287 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
14282 CVE-2008-0406 20 DoS 2008-01-28 2018-10-15
5.0
None Remote Low Not required None None Partial
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
14283 CVE-2008-0403 287 2008-01-23 2018-10-15
5.5
None Remote Low Single system Partial Partial None
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
14284 CVE-2008-0395 200 +Info 2008-01-23 2018-10-15
5.0
None Remote Low Not required Partial None None
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
14285 CVE-2008-0393 22 Dir. Trav. 2008-01-22 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
14286 CVE-2008-0372 264 Bypass 2008-01-22 2018-10-15
5.0
None Remote Low Not required Partial None None
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
14287 CVE-2008-0367 200 +Info 2008-01-18 2018-10-26
5.0
None Remote Low Not required None Partial None
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
14288 CVE-2008-0364 119 DoS Overflow 2008-01-18 2018-10-15
5.0
None Remote Low Not required None None Partial
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
14289 CVE-2008-0351 287 Bypass 2008-01-17 2017-09-28
5.0
None Remote Low Not required Partial None None
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
14290 CVE-2008-0338 22 Dir. Trav. 2008-01-17 2017-09-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
14291 CVE-2008-0333 22 Dir. Trav. 2008-01-17 2017-09-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
14292 CVE-2008-0332 22 Dir. Trav. 2008-01-17 2018-10-15
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
14293 CVE-2008-0329 264 2008-01-17 2017-09-28
5.0
None Remote Low Not required None Partial None
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
14294 CVE-2008-0297 200 +Info 2008-01-16 2017-09-28
5.0
None Remote Low Not required Partial None None
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
14295 CVE-2008-0294 2008-01-16 2017-08-07
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.
14296 CVE-2008-0285 DoS 2008-01-15 2008-09-05
5.0
None Remote Low Not required None None Partial
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.
14297 CVE-2008-0275 264 2008-01-15 2017-08-07
5.0
None Remote Low Not required Partial None None
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.
14298 CVE-2008-0263 399 DoS 2008-01-15 2008-11-15
5.0
None Remote Low Not required None None Partial
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
14299 CVE-2008-0261 399 DoS 2008-01-15 2017-08-07
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
14300 CVE-2008-0260 20 +Info 2008-01-15 2017-09-28
5.0
None Remote Low Not required None Partial None
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 (This Page)287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.