CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2008 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5284 189 DoS 2008-11-29 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third party information.
2 CVE-2008-5282 119 Exec Code Overflow 2008-11-29 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
3 CVE-2008-5281 119 1 Exec Code Overflow 2008-11-29 2008-12-01
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
4 CVE-2008-5279 119 Exec Code Overflow +Info 2008-11-29 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.
5 CVE-2008-5275 22 Exec Code Dir. Trav. 2008-11-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
6 CVE-2008-5273 89 Exec Code Sql 2008-11-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
7 CVE-2008-5270 89 Exec Code Sql 2008-11-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter.
8 CVE-2008-5269 89 Exec Code Sql 2008-11-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
9 CVE-2008-5268 89 Exec Code Sql 2008-11-28 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
10 CVE-2008-5246 119 Exec Code Overflow 2008-11-26 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11 CVE-2008-5245 119 Overflow 2008-11-26 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
xine-lib before 1.1.15 performs V4L video frame preallocation before ascertaining the required length, which has unknown impact and attack vectors, possibly related to a buffer overflow in the open_video_capture_device function in src/input/input_v4l.c.
12 CVE-2008-5244 2008-11-26 2009-02-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
13 CVE-2008-5238 189 DoS Exec Code Overflow 2008-11-26 2018-10-11
7.1
None Remote Medium Not required None None Complete
Integer overflow in the real_parse_mdpr function in demux_real.c in xine-lib 1.1.12, and other versions before 1.1.15, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted stream_name_size field.
14 CVE-2008-5237 189 DoS Exec Code Overflow 2008-11-26 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) crafted width and height values that are not validated by the mymng_process_header function in demux_mng.c before use in an allocation calculation or (2) crafted current_atom_size and string_size values processed by the parse_reference_atom function in demux_qt.c for an RDRF_ATOM string.
15 CVE-2008-5236 119 Exec Code Overflow 2008-11-26 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other 1.1.15 and earlier versions, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted EBML element length processed by the parse_block_group function in demux_matroska.c; (2) a certain combination of sps, w, and h values processed by the real_parse_audio_specific_data and demux_real_send_chunk functions in demux_real.c; and (3) an unspecified combination of three values processed by the open_ra_file function in demux_realaudio.c. NOTE: vector 2 reportedly exists because of an incomplete fix in 1.1.15.
16 CVE-2008-5235 119 Exec Code Overflow 2008-11-26 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the demux_real_send_chunk function in src/demuxers/demux_real.c in xine-lib before 1.1.15 allows remote attackers to execute arbitrary code via a crafted Real Media file. NOTE: some of these details are obtained from third party information.
17 CVE-2008-5234 119 Exec Code Overflow 2008-11-26 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and (2) frame reading in the id3v23_interp_frame function in id3.c. NOTE: as of 20081122, it is possible that vector 1 has not been fixed in 1.1.15.
18 CVE-2008-5232 787 2 Exec Code Overflow 2008-11-26 2019-12-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
19 CVE-2008-5231 119 Exec Code Overflow 2008-11-26 2008-11-26
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ExecuteRequest method in the Novell iPrint ActiveX control in ienipp.ocx in Novell iPrint Client 5.06 and earlier allows remote attackers to execute arbitrary code via a long target-frame option value, a different vulnerability than CVE-2008-2431.
20 CVE-2008-5227 94 Exec Code File Inclusion 2008-11-25 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008.
21 CVE-2008-5226 89 Exec Code Sql 2008-11-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
22 CVE-2008-5223 89 Exec Code Sql 2008-11-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
23 CVE-2008-5222 89 Exec Code Sql 2008-11-25 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
24 CVE-2008-5221 287 2008-11-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
25 CVE-2008-5220 20 Exec Code 2008-11-25 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
26 CVE-2008-5219 287 2008-11-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
27 CVE-2008-5216 89 Exec Code Sql 2008-11-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
28 CVE-2008-5215 89 Exec Code Sql 2008-11-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
29 CVE-2008-5213 89 Exec Code Sql 2008-11-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action.
30 CVE-2008-5212 89 Exec Code Sql 2008-11-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
31 CVE-2008-5210 94 Exec Code File Inclusion 2008-11-24 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776.
32 CVE-2008-5208 89 Exec Code Sql 2008-11-24 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
33 CVE-2008-5206 94 Exec Code File Inclusion 2008-11-21 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in MosXML 1 Alpha allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
34 CVE-2008-5201 22 Dir. Trav. File Inclusion 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
35 CVE-2008-5200 89 Exec Code Sql 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
36 CVE-2008-5199 94 Exec Code File Inclusion 2008-11-21 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include.php in PHPOutsourcing IdeaBox (aka IdeBox) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the gorumDir parameter.
37 CVE-2008-5198 89 Exec Code Sql 2008-11-21 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
38 CVE-2008-5197 89 Exec Code Sql 2008-11-21 2021-04-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
39 CVE-2008-5196 89 Exec Code Sql 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
40 CVE-2008-5195 89 Exec Code Sql 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
41 CVE-2008-5194 89 Exec Code Sql 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
42 CVE-2008-5192 89 Exec Code Sql 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
43 CVE-2008-5191 89 Exec Code Sql 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
44 CVE-2008-5190 89 Exec Code Sql 2008-11-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
45 CVE-2008-5188 255 +Info 2008-11-21 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
46 CVE-2008-5187 119 DoS Exec Code Overflow 2008-11-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.
47 CVE-2008-5186 20 File Inclusion 2008-11-21 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path.
48 CVE-2008-5184 255 Bypass CSRF 2008-11-21 2009-01-29
10.0
None Remote Low Not required Complete Complete Complete
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
49 CVE-2008-5178 119 Exec Code Overflow 2008-11-20 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
50 CVE-2008-5177 119 DoS Exec Code Overflow 2008-11-20 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication.
Total number of vulnerabilities : 212   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.