CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2008 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-4811 264 Exec Code 2008-10-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
2 CVE-2008-4810 94 Exec Code 2008-10-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.
3 CVE-2008-4809 2008-10-31 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
4 CVE-2008-4806 89 Exec Code Sql 2008-10-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5 CVE-2008-4804 89 Exec Code Sql 2008-10-31 2019-07-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
6 CVE-2008-4801 119 Exec Code Overflow 2008-10-31 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port.
7 CVE-2008-4798 94 Exec Code 2008-10-30 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.
8 CVE-2008-4796 78 Exec Code 2008-10-30 2021-09-30
10.0
None Remote Low Not required Complete Complete Complete
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.
9 CVE-2008-4794 20 Exec Code 2008-10-30 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.
10 CVE-2008-4793 264 Bypass 2008-10-29 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
11 CVE-2008-4786 89 Exec Code Sql 2008-10-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
12 CVE-2008-4785 89 Exec Code Sql 2008-10-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.
13 CVE-2008-4784 287 Bypass 2008-10-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
aflog 1.01 allows remote attackers to bypass authentication and gain administrative access by setting the aflog_auth_a cookie to "A" or "O" in (1) edit_delete.php, (2) edit_cat.php, (3) edit_lock.php, and (4) edit_form.php.
14 CVE-2008-4783 287 Bypass 2008-10-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
tlAds 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the tlAds_login cookie to "admin."
15 CVE-2008-4782 89 Exec Code Sql 2008-10-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
16 CVE-2008-4781 22 Dir. Trav. 2008-10-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in update.php in MyKtools 2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langage parameter.
17 CVE-2008-4779 119 DoS Exec Code Overflow 2008-10-29 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
18 CVE-2008-4778 89 Exec Code Sql 2008-10-29 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
19 CVE-2008-4777 89 Exec Code Sql 2008-10-29 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
20 CVE-2008-4772 89 Exec Code Sql 2008-10-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
21 CVE-2008-4771 119 Exec Code Overflow 2008-10-28 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.
22 CVE-2008-4769 22 Dir. Trav. 2008-10-28 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.
23 CVE-2008-4768 89 Exec Code Sql 2008-10-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
24 CVE-2008-4767 20 Exec Code 2008-10-28 2019-07-01
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload vulnerability in the DownloadsPlus module in PHP-Nuke allows remote attackers to execute arbitrary code by uploading a file with (1) .htm, (2) .html, or (3) .txt extensions, then accessing it via a direct request to the file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: it is unclear how allowing the upload of .html or .txt files supports arbitrary code execution; this might be legitimate functionality.
25 CVE-2008-4766 89 Exec Code Sql 2008-10-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
26 CVE-2008-4765 89 1 Exec Code Sql 2008-10-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
27 CVE-2008-4762 119 DoS Exec Code Overflow 2008-10-28 2018-10-11
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath parameters.
28 CVE-2008-4757 89 Exec Code Sql 2008-10-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
29 CVE-2008-4755 89 Exec Code Sql 2008-10-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
30 CVE-2008-4753 89 Exec Code Sql 2008-10-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.
31 CVE-2008-4752 287 Bypass 2008-10-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin.
32 CVE-2008-4750 119 Exec Code Overflow 2008-10-27 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property.
33 CVE-2008-4749 2008-10-27 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method.
34 CVE-2008-4748 20 DoS Exec Code 2008-10-27 2017-09-29
7.6
None Remote High Not required Complete Complete Complete
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
35 CVE-2008-4746 89 Exec Code Sql 2008-10-27 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.
36 CVE-2008-4744 89 Exec Code Sql 2008-10-27 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.
37 CVE-2008-4743 89 Exec Code Sql 2008-10-27 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.
38 CVE-2008-4738 89 Exec Code Sql 2008-10-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
39 CVE-2008-4736 89 Exec Code Sql 2008-10-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.
40 CVE-2008-4735 94 Exec Code File Inclusion 2008-10-24 2017-09-29
8.5
None Remote Medium ??? Complete Complete Complete
PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter.
41 CVE-2008-4734 352 CSRF 2008-10-24 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcr_hidden_form_input parameter.
42 CVE-2008-4732 89 Exec Code Sql 2008-10-24 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.
43 CVE-2008-4731 2008-10-24 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown impact and attack vectors.
44 CVE-2008-4728 Exec Code 2008-10-24 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
45 CVE-2008-4726 119 Exec Code Overflow 2008-10-24 2018-10-11
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
46 CVE-2008-4722 287 DoS 2008-10-23 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.
47 CVE-2008-4721 287 Bypass 2008-10-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."
48 CVE-2008-4720 94 Exec Code File Inclusion 2008-10-23 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php.
49 CVE-2008-4719 94 Exec Code File Inclusion 2008-10-23 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329.
50 CVE-2008-4718 22 Dir. Trav. 2008-10-23 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
Total number of vulnerabilities : 288   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.