CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14301 CVE-2008-0501 22 Dir. Trav. 2008-01-30 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
14302 CVE-2008-0489 22 Dir. Trav. 2008-01-30 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
14303 CVE-2008-0481 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
14304 CVE-2008-0480 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
14305 CVE-2008-0479 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
14306 CVE-2008-0475 20 +Info 2008-01-29 2017-08-07
5.0
None Remote Low Not required Partial None None
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14307 CVE-2008-0466 287 Dir. Trav. 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
14308 CVE-2008-0465 22 Dir. Trav. 2008-01-25 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
14309 CVE-2008-0464 22 Dir. Trav. 2008-01-25 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
14310 CVE-2008-0452 22 Dir. Trav. 2008-01-24 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
14311 CVE-2008-0445 DoS 2008-01-24 2017-08-07
5.0
None Remote Low Not required None None Partial
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
14312 CVE-2008-0440 255 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
14313 CVE-2008-0435 22 Dir. Trav. 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
14314 CVE-2008-0431 22 Dir. Trav. 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
14315 CVE-2008-0425 264 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
14316 CVE-2008-0410 287 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
14317 CVE-2008-0407 287 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
14318 CVE-2008-0406 20 DoS 2008-01-28 2018-10-15
5.0
None Remote Low Not required None None Partial
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
14319 CVE-2008-0403 287 2008-01-23 2018-10-15
5.5
None Remote Low Single system Partial Partial None
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
14320 CVE-2008-0395 200 +Info 2008-01-23 2018-10-15
5.0
None Remote Low Not required Partial None None
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
14321 CVE-2008-0393 22 Dir. Trav. 2008-01-22 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.
14322 CVE-2008-0372 264 Bypass 2008-01-22 2018-10-15
5.0
None Remote Low Not required Partial None None
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
14323 CVE-2008-0367 200 +Info 2008-01-18 2018-10-26
5.0
None Remote Low Not required None Partial None
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
14324 CVE-2008-0364 119 DoS Overflow 2008-01-18 2018-10-15
5.0
None Remote Low Not required None None Partial
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
14325 CVE-2008-0351 287 Bypass 2008-01-17 2017-09-28
5.0
None Remote Low Not required Partial None None
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.
14326 CVE-2008-0338 22 Dir. Trav. 2008-01-17 2017-09-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
14327 CVE-2008-0333 22 Dir. Trav. 2008-01-17 2017-09-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.
14328 CVE-2008-0332 22 Dir. Trav. 2008-01-17 2018-10-15
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
14329 CVE-2008-0329 264 2008-01-17 2017-09-28
5.0
None Remote Low Not required None Partial None
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.
14330 CVE-2008-0297 200 +Info 2008-01-16 2017-09-28
5.0
None Remote Low Not required Partial None None
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
14331 CVE-2008-0294 2008-01-16 2017-08-07
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.
14332 CVE-2008-0285 DoS 2008-01-15 2008-09-05
5.0
None Remote Low Not required None None Partial
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.
14333 CVE-2008-0275 264 2008-01-15 2017-08-07
5.0
None Remote Low Not required Partial None None
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.
14334 CVE-2008-0263 399 DoS 2008-01-15 2008-11-15
5.0
None Remote Low Not required None None Partial
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.
14335 CVE-2008-0261 399 DoS 2008-01-15 2017-08-07
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
14336 CVE-2008-0260 20 +Info 2008-01-15 2017-09-28
5.0
None Remote Low Not required None Partial None
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.
14337 CVE-2008-0249 200 +Info 2008-01-11 2017-10-10
5.0
None Remote Low Not required Partial None None
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
14338 CVE-2008-0241 20 2008-01-11 2018-10-15
5.8
None Remote Medium Not required None Partial Partial
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
14339 CVE-2008-0236 Exec Code 2008-01-10 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.
14340 CVE-2008-0209 20 2008-01-09 2018-10-15
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.
14341 CVE-2008-0199 20 DoS 2008-01-09 2018-10-15
5.0
None Remote Low Not required None None Partial
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.
14342 CVE-2008-0196 22 Dir. Trav. 2008-01-09 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.
14343 CVE-2008-0195 200 +Info 2008-01-09 2018-10-15
5.0
None Remote Low Not required None Partial None
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.
14344 CVE-2008-0191 200 +Info 2008-01-09 2018-10-15
5.0
None Remote Low Not required Partial None None
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.
14345 CVE-2008-0174 310 +Priv 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
14346 CVE-2008-0172 20 DoS 2008-01-17 2018-10-15
5.0
None Remote Low Not required None None Partial
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
14347 CVE-2008-0171 20 DoS 2008-01-17 2018-10-15
5.0
None Remote Low Not required None None Partial
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
14348 CVE-2008-0158 22 1 Dir. Trav. 2008-01-08 2017-09-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.
14349 CVE-2008-0156 22 Dir. Trav. 2008-01-08 2018-10-15
5.0
None Remote Low Not required None Partial None
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.
14350 CVE-2008-0153 399 DoS 2008-01-08 2017-08-07
5.0
None Remote Low Not required None None Partial
telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 (This Page)288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.