| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
15301 |
CVE-2008-0674 |
119 |
|
Exec Code Overflow |
2008-02-18 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255. |
|
15302 |
CVE-2008-0673 |
|
|
|
2008-02-11 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory. |
|
15303 |
CVE-2008-0670 |
89 |
|
Exec Code Sql |
2008-02-11 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action. |
|
15304 |
CVE-2008-0662 |
200 |
|
+Priv +Info |
2008-02-07 |
2018-10-15 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. |
|
15305 |
CVE-2008-0654 |
22 |
|
Dir. Trav. |
2008-02-07 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the _VIEW (view) parameter to (1) index.php, (2) html/sitio/index.php, or (3) src/sistema/vistas/template/tpl_inicio.php. |
|
15306 |
CVE-2008-0653 |
89 |
|
Exec Code Sql |
2008-02-07 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action. |
|
15307 |
CVE-2008-0652 |
89 |
|
Exec Code Sql |
2008-02-07 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. |
|
15308 |
CVE-2008-0651 |
89 |
|
Exec Code Sql |
2008-02-07 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
15309 |
CVE-2008-0650 |
89 |
|
Exec Code Sql |
2008-02-07 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
15310 |
CVE-2008-0649 |
89 |
|
Exec Code Sql |
2008-02-07 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter. |
|
15311 |
CVE-2008-0646 |
119 |
|
DoS Overflow |
2008-02-07 |
2008-11-04 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message. |
|
15312 |
CVE-2008-0645 |
94 |
|
Exec Code File Inclusion |
2008-02-07 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/conf_modules.php in admin/system/; and (4) system/login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
15313 |
CVE-2008-0635 |
94 |
|
Exec Code |
2008-02-06 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. |
|
15314 |
CVE-2008-0634 |
119 |
|
Exec Code Overflow |
2008-02-06 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1, as used in Sejoong Namo ActiveSquare6, allows remote attackers to execute arbitrary code via a long argument to the Install method, a different vulnerability than CVE-2008-0551. |
|
15315 |
CVE-2008-0628 |
264 |
|
DoS |
2008-02-06 |
2018-10-15 |
7.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Complete |
|
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. |
|
15316 |
CVE-2008-0621 |
119 |
|
Exec Code Overflow |
2008-02-06 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. |
|
15317 |
CVE-2008-0614 |
89 |
|
Exec Code Sql |
2008-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action. |
|
15318 |
CVE-2008-0612 |
22 |
|
Dir. Trav. |
2008-02-06 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in htdocs/install/index.php in XOOPS 2.0.18 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
|
15319 |
CVE-2008-0611 |
89 |
|
Exec Code Sql |
2008-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
15320 |
CVE-2008-0609 |
22 |
|
Dir. Trav. |
2008-02-06 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in index.php in DivideConcept VHD Web Pack 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. |
|
15321 |
CVE-2008-0607 |
89 |
|
Exec Code Sql |
2008-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
15322 |
CVE-2008-0606 |
89 |
|
Exec Code Sql |
2008-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter. |
|
15323 |
CVE-2008-0603 |
89 |
|
Exec Code Sql |
2008-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task. |
|
15324 |
CVE-2008-0601 |
89 |
|
Exec Code Sql |
2008-02-06 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. |
|
15325 |
CVE-2008-0600 |
94 |
|
+Priv |
2008-02-12 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. |
|
15326 |
CVE-2008-0588 |
264 |
|
Overflow +Priv |
2008-02-04 |
2017-09-28 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. |
|
15327 |
CVE-2008-0587 |
119 |
|
Overflow +Priv |
2008-02-04 |
2017-09-28 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. |
|
15328 |
CVE-2008-0586 |
119 |
|
Overflow +Priv |
2008-02-04 |
2017-09-28 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh. |
|
15329 |
CVE-2008-0584 |
264 |
|
Overflow +Priv |
2008-02-04 |
2017-09-28 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs. |
|
15330 |
CVE-2008-0581 |
264 |
|
+Priv |
2008-02-04 |
2018-10-15 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch. |
|
15331 |
CVE-2008-0579 |
89 |
|
Exec Code Sql |
2008-02-04 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action. |
|
15332 |
CVE-2008-0573 |
264 |
|
+Priv |
2008-02-04 |
2017-09-28 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request. |
|
15333 |
CVE-2008-0567 |
94 |
|
Exec Code File Inclusion |
2008-02-04 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/. |
|
15334 |
CVE-2008-0562 |
89 |
|
Exec Code Sql |
2008-02-04 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
|
15335 |
CVE-2008-0561 |
89 |
|
Exec Code Sql |
2008-02-04 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
|
15336 |
CVE-2008-0557 |
89 |
|
Exec Code Sql |
2008-02-04 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
|
15337 |
CVE-2008-0556 |
264 |
|
CSRF |
2008-02-18 |
2017-08-07 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, and possibly earlier versions, allows remote attackers to perform unauthorized actions as authorized users via a link or IMG tag to RAServer. |
|
15338 |
CVE-2008-0555 |
20 |
|
Bypass |
2008-04-03 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables. |
|
15339 |
CVE-2008-0546 |
89 |
|
Exec Code Sql |
2008-02-01 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. |
|
15340 |
CVE-2008-0545 |
22 |
|
Dir. Trav. |
2008-02-01 |
2017-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521. |
|
15341 |
CVE-2008-0543 |
89 |
|
Exec Code Sql |
2008-02-01 |
2018-10-15 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information. |
|
15342 |
CVE-2008-0537 |
|
|
DoS |
2008-03-27 |
2017-08-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. |
|
15343 |
CVE-2008-0536 |
287 |
|
DoS |
2008-05-22 |
2017-08-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563. |
|
15344 |
CVE-2008-0535 |
255 |
|
DoS |
2008-05-22 |
2017-08-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239. |
|
15345 |
CVE-2008-0534 |
20 |
|
DoS |
2008-05-22 |
2017-08-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582. |
|
15346 |
CVE-2008-0527 |
20 |
|
DoS |
2008-02-14 |
2017-08-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request. |
|
15347 |
CVE-2008-0526 |
20 |
|
DoS |
2008-02-14 |
2017-08-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. |
|
15348 |
CVE-2008-0524 |
352 |
|
CSRF |
2008-01-31 |
2017-08-07 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors. |
|
15349 |
CVE-2008-0520 |
89 |
|
Exec Code Sql |
2008-01-31 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php. |
|
15350 |
CVE-2008-0519 |
89 |
|
Exec Code Sql |
2008-01-31 |
2017-09-28 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action. |
