Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6793 | 1 Dflabs | 1 Ptk | 2018-10-11 | 6.8 MEDIUM | N/A |
| The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. | |||||
| CVE-2008-6702 | 1 Stalker-game | 1 S.t.a.l.k.e.r.\ | 2018-10-11 | 5.0 MEDIUM | N/A |
| S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception. | |||||
| CVE-2008-6511 | 1 Igniterealtime | 1 Openfire | 2018-10-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. | |||||
| CVE-2008-6528 | 1 Tmaxsoft | 1 Jeus | 2018-10-11 | 5.0 MEDIUM | N/A |
| NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the source code for scripts by appending ::$DATA to the URL, which accesses the alternate data stream. | |||||
| CVE-2008-6555 | 1 Puppetmaster | 1 Webutil | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command. | |||||
| CVE-2008-6948 | 1 Collabtive | 1 Collabtive | 2018-10-11 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature. | |||||
| CVE-2008-6556 | 1 Puppet Master | 1 Webutil | 2018-10-11 | 10.0 HIGH | N/A |
| cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command. | |||||
| CVE-2008-5580 | 1 Mini-pub | 1 Mini-pub | 2018-10-11 | 7.5 HIGH | N/A |
| mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument. | |||||
| CVE-2008-5715 | 2 Microsoft, Mozilla | 2 Windows Vista, Firefox | 2018-10-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms. | |||||
| CVE-2008-5544 | 2 Hacksoft, Microsoft | 2 The Hacker, Internet Explorer | 2018-10-11 | 9.3 HIGH | N/A |
| Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5674 | 1 Darkwet | 1 Webcam Xp | 2018-10-11 | 9.4 HIGH | N/A |
| Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component. | |||||
| CVE-2008-5546 | 2 Microsoft, Virusblokada | 2 Internet Explorer, Vba32 Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5543 | 2 Microsoft, Symantec | 2 Internet Explorer, Antivirus | 2018-10-11 | 9.3 HIGH | N/A |
| Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5669 | 1 Textpattern | 1 Textpattern | 2018-10-11 | 5.0 MEDIUM | N/A |
| index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. | |||||
| CVE-2008-5693 | 1 Ipswitch | 1 Ws Ftp | 2018-10-11 | 5.0 MEDIUM | N/A |
| Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character. | |||||
| CVE-2008-5887 | 1 Tincan | 1 Phplist | 2018-10-11 | 5.0 MEDIUM | N/A |
| phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." | |||||
| CVE-2008-5547 | 1 Hauri | 1 Virobot | 2018-10-11 | 9.3 HIGH | N/A |
| HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||
| CVE-2008-5870 | 1 Faststone | 1 Image Viewer | 2018-10-11 | 4.3 MEDIUM | N/A |
| FastStone Image Viewer 3.6 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with large width and height values, possibly a related issue to CVE-2007-1942. | |||||
| CVE-2008-5581 | 1 Mini-pub | 1 Mini-pub | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter. | |||||
| CVE-2008-5810 | 1 Fujitsu-siemens | 1 Webtransactions | 2018-10-11 | 10.0 HIGH | N/A |
| WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs. | |||||