Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0930 | 2 Debian, Freshmeat | 2 Debian Linux, Xwine | 2008-09-05 | 7.2 HIGH | N/A |
| w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1113 | 2 Cisco, Vocera Communications | 2 7921 Wireless Ip Phone, Vocera Communications Badge | 2008-09-05 | 7.8 HIGH | N/A |
| Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2008-0931 | 2 Debian, Xwine | 2 Debian Linux, Xwine | 2008-09-05 | 6.3 MEDIUM | N/A |
| w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file. | |||||
| CVE-2008-1075 | 1 Maianscriptworld | 1 Maian Cart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0917 | 1 Tor World | 10 Com Vote, I-navigator, Interactive Bbs and 7 more | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier, Simple Vote 1.1 and earlier, and Com Vote 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0824 | 1 Caroline | 1 Caroline | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors. | |||||
| CVE-2008-1131 | 1 Drupal | 1 Drupal | 2008-09-05 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms. | |||||
| CVE-2008-0913 | 1 Invision Power Services | 1 Invision Power Board | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB or IP.Board) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via crafted BBCodes in an unspecified context. | |||||
| CVE-2008-1041 | 1 Matts Whois | 1 Matts Whois | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson Matt's Whois (MWhois) allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | |||||
| CVE-2008-0732 | 2 Apache, Suse | 2 Geronimo, Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories. | |||||
| CVE-2008-0669 | 1 Sift | 1 Unity | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity allows remote attackers to inject arbitrary web script or HTML via the qt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0540 | 1 Trixbox | 1 Trixbox | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/. | |||||
| CVE-2008-0442 | 1 Small Axe Solutions | 1 Weblog | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0630 | 1 Mplayer | 1 Mplayer | 2008-09-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. | |||||
| CVE-2008-0558 | 1 Uniwin | 1 Ecart Professional | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0665 | 1 Website Meta Language | 1 Website Meta Language | 2008-09-05 | 3.6 LOW | N/A |
| wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file. | |||||
| CVE-2008-0723 | 1 Planetluc | 1 Mynews | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews 1.6.4, and other earlier 1.6.x versions, allows remote attackers to inject arbitrary web script or HTML via the hash parameter in an admin action to index.php, a different vulnerability than CVE-2006-2208.1. | |||||
| CVE-2008-0685 | 1 Itechscripts | 1 Itechclassifieds | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2008-0629 | 1 Mplayer | 1 Mplayer | 2008-09-05 | 4.3 MEDIUM | N/A |
| Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. | |||||