CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14701 CVE-2008-0813 22 Dir. Trav. 2008-02-18 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter.
14702 CVE-2008-0797 22 Dir. Trav. 2008-02-15 2017-08-07
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in lib/download.php in iTheora 1.0 rc1 allows remote attackers to read arbitrary files via directory traversal sequences in the url parameter.
14703 CVE-2008-0792 264 Bypass 2008-02-14 2017-08-07
5.8
None Remote Medium Not required Partial Partial None
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
14704 CVE-2008-0791 20 DoS 2008-02-14 2018-10-15
5.0
None Remote Low Not required None None Partial
ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to cause a denial of service (CPU consumption) via short packets on TCP port 5001 with the 3, 5, 7, 13, 14, or 15 packet types.
14705 CVE-2008-0790 22 Dir. Trav. 2008-02-14 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
14706 CVE-2008-0784 200 +Info 2008-02-14 2018-10-15
5.0
None Remote Low Not required Partial None None
graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.
14707 CVE-2008-0782 22 Exec Code Dir. Trav. 2008-02-14 2018-10-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.
14708 CVE-2008-0767 189 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.
14709 CVE-2008-0760 22 Dir. Trav. 2008-02-13 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-6483.
14710 CVE-2008-0759 310 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allows remote attackers to cause a denial of service (daemon crash) via an invalid UAM field in a request to the Apple Filing Protocol (AFP) service on TCP port 548.
14711 CVE-2008-0758 22 Dir. Trav. 2008-02-13 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in the Zidget/HTTP embedded HTTP server in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier allow remote attackers to read arbitrary (1) gif, (2) png, (3) jpg, (4) xml, (5) ico, (6) zip, and (7) html files via a "..\" (dot dot backslash) sequence in the filename.
14712 CVE-2008-0756 DoS 2008-02-13 2018-10-15
5.0
None Remote Low Not required None None Partial
The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; allows remote attackers to cause a denial of service (daemon crash) via a connection that begins with (1) a "Send queue state" LPD command 3 or (2) a "Send queue state" LPD command 4.
14713 CVE-2008-0736 200 +Info 2008-02-12 2018-10-15
5.0
None Remote Low Not required Partial None None
admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly other 4.x and 3.x versions, allows remote attackers to obtain the path via a certain value of the FedExAccount parameter.
14714 CVE-2008-0724 255 2008-02-11 2018-10-15
5.0
None Remote Low Not required Partial None None
The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts.
14715 CVE-2008-0709 264 2008-04-07 2017-08-07
5.5
None Remote Low Single system Partial Partial None
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
14716 CVE-2008-0703 22 Dir. Trav. 2008-02-11 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in sflog! 0.96 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) permalink or (2) section parameter to index.php, possibly involving includes/entries.inc.php and other files included by index.php.
14717 CVE-2008-0701 264 2008-02-11 2008-12-17
5.0
None Remote Low Not required None Partial None
ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check permissions during importing, which allows remote attackers to have an unknown impact via activation of a new item, possibly involving addition of arbitrary new content.
14718 CVE-2008-0672 20 DoS 2008-02-11 2018-10-15
5.0
None Remote Low Not required None None Partial
The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.
14719 CVE-2008-0644 XSS Bypass 2008-03-11 2017-08-07
5.0
None Remote Low Not required None Partial None
Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.
14720 CVE-2008-0636 200 +Info 2008-02-12 2018-10-15
5.0
None Remote Low Not required Partial None None
Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SC_About.htm, which provides version and patch information.
14721 CVE-2008-0613 59 2008-02-06 2018-10-15
5.0
None Remote Low Not required None Partial None
Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the xoops_redirect parameter.
14722 CVE-2008-0608 119 DoS Overflow 2008-02-06 2018-10-15
5.0
None Remote Low Not required None None Partial
The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch WS_FTP 6.1 allows remote attackers to cause a denial of service (loss of responsiveness) via a large number of large packets to port 5151/udp, which causes the listening socket to terminate and prevents log commands from being recorded, a different vulnerability than CVE-2007-3823.
14723 CVE-2008-0597 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
14724 CVE-2008-0596 399 DoS 2008-02-25 2018-10-15
5.0
None Remote Low Not required None None Partial
Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
14725 CVE-2008-0594 2008-02-08 2018-10-15
5.0
None Remote Low Not required None Partial None
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
14726 CVE-2008-0570 20 2008-02-04 2008-10-11
5.0
None Remote Low Not required None Partial None
The OpenID 5.x-1.0 and earlier module for Drupal does not properly verify the claimed_id returned by an OpenID provider, which allows remote OpenID providers to spoof OpenID authentication for domains associated with other providers.
14727 CVE-2008-0559 22 Dir. Trav. 2008-02-04 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the permalink parameter in core.php, accessed through index.php; and (2) the thispost parameter in comments.php.
14728 CVE-2008-0549 189 DoS Overflow 2008-02-01 2017-08-07
5.0
None Remote Low Not required None None Partial
Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag.
14729 CVE-2008-0548 189 DoS 2008-02-01 2017-08-07
5.0
None Remote Low Not required None None Partial
Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails.
14730 CVE-2008-0542 22 Dir. Trav. 2008-02-01 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
14731 CVE-2008-0521 22 Dir. Trav. 2008-01-31 2017-09-28
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545.
14732 CVE-2008-0501 22 Dir. Trav. 2008-01-30 2017-09-28
5.8
None Remote Medium Not required Partial Partial None
Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI.
14733 CVE-2008-0489 22 Dir. Trav. 2008-01-30 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
14734 CVE-2008-0481 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action.
14735 CVE-2008-0480 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
14736 CVE-2008-0479 22 Dir. Trav. 2008-01-29 2018-10-15
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter.
14737 CVE-2008-0475 20 +Info 2008-01-29 2017-08-07
5.0
None Remote Low Not required Partial None None
ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14738 CVE-2008-0466 287 Dir. Trav. 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
14739 CVE-2008-0465 22 Dir. Trav. 2008-01-25 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter.
14740 CVE-2008-0464 22 Dir. Trav. 2008-01-25 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
14741 CVE-2008-0452 22 Dir. Trav. 2008-01-24 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action.
14742 CVE-2008-0445 DoS 2008-01-24 2017-08-07
5.0
None Remote Low Not required None None Partial
The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information.
14743 CVE-2008-0440 255 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts.
14744 CVE-2008-0435 22 Dir. Trav. 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action.
14745 CVE-2008-0431 22 Dir. Trav. 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter.
14746 CVE-2008-0425 264 2008-01-23 2017-09-28
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter.
14747 CVE-2008-0410 287 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
14748 CVE-2008-0407 287 2008-01-28 2018-10-15
5.0
None Remote Low Not required Partial None None
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
14749 CVE-2008-0406 20 DoS 2008-01-28 2018-10-15
5.0
None Remote Low Not required None None Partial
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
14750 CVE-2008-0403 287 2008-01-23 2018-10-15
5.5
None Remote Low Single system Partial Partial None
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 (This Page)296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.