The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
8.75%
Published
2008-11-29
Updated
2018-10-11
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action.
Max CVSS
6.4
EPSS Score
0.72%
Published
2008-11-29
Updated
2008-12-02
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
Max CVSS
10.0
EPSS Score
74.65%
Published
2008-11-29
Updated
2018-10-11
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
Max CVSS
10.0
EPSS Score
1.34%
Published
2008-11-29
Updated
2008-12-01
The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests without required parameters.
Max CVSS
5.0
EPSS Score
6.46%
Published
2008-11-29
Updated
2011-03-08
The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
4.05%
Published
2008-11-29
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Max CVSS
4.3
EPSS Score
51.22%
Published
2008-11-28
Updated
2017-08-08
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
Max CVSS
7.5
EPSS Score
3.50%
Published
2008-11-28
Updated
2017-08-08
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.38%
Published
2008-11-28
Updated
2017-08-08
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
Max CVSS
7.5
EPSS Score
0.17%
Published
2008-11-28
Updated
2017-09-29
Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php.
Max CVSS
4.0
EPSS Score
0.40%
Published
2008-11-28
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2008-11-28
Updated
2017-10-19
SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2008-11-28
Updated
2017-09-29
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2008-11-28
Updated
2017-09-29
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
Max CVSS
7.5
EPSS Score
0.07%
Published
2008-11-28
Updated
2018-10-11
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter.
Max CVSS
6.8
EPSS Score
0.09%
Published
2008-11-28
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
Max CVSS
4.3
EPSS Score
0.36%
Published
2008-11-28
Updated
2018-10-11
Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.
Max CVSS
6.8
EPSS Score
1.52%
Published
2008-11-28
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.
Max CVSS
4.3
EPSS Score
0.27%
Published
2008-11-28
Updated
2018-10-11
webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.
Max CVSS
4.3
EPSS Score
1.72%
Published
2008-11-27
Updated
2017-08-08
The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file.
Max CVSS
4.4
EPSS Score
0.04%
Published
2008-11-27
Updated
2017-08-08
xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via "MP3 files with metadata consisting only of separators."
Max CVSS
4.3
EPSS Score
0.69%
Published
2008-11-26
Updated
2009-11-24
The real_parse_audio_specific_data function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, uses an untrusted height (aka codec_data_length) value as a divisor, which allow remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero value.
Max CVSS
4.3
EPSS Score
2.22%
Published
2008-11-26
Updated
2018-10-11
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
9.3
EPSS Score
10.73%
Published
2008-11-26
Updated
2017-08-08
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
Max CVSS
9.3
EPSS Score
0.23%
Published
2008-11-26
Updated
2017-08-08
448 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!