CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2008 (CVSS score >= 7)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2008-1078 59 2008-02-29 2018-10-11
7.2
None Local Low Not required Complete Complete Complete
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
2 CVE-2008-1077 89 Exec Code Sql 2008-02-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.
3 CVE-2008-1066 20 2008-02-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
4 CVE-2008-1065 89 Exec Code Sql 2008-02-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
5 CVE-2008-1060 94 Exec Code 2008-02-28 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.
6 CVE-2008-1059 94 Exec Code File Inclusion 2008-02-28 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
7 CVE-2008-1058 DoS 2008-02-28 2018-10-30
7.8
None Remote Low Not required None None Complete
The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 allows attackers to cause a denial of service (panic) via crafted TCP packets. NOTE: some of these details are obtained from third party information.
8 CVE-2008-1057 DoS 2008-02-28 2018-10-30
7.8
None Remote Low Not required None None Complete
The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.
9 CVE-2008-1055 134 DoS Exec Code 2008-02-27 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
10 CVE-2008-1053 89 Exec Code Sql 2008-02-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
11 CVE-2008-1050 89 Exec Code Sql 2008-02-27 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
12 CVE-2008-1049 2008-02-27 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and 1.8.x before 1.8b, as used in Parallels H-Sphere 3.0 before Patch 9 and 2.5 before Patch 11, has unknown impact and attack vectors.
13 CVE-2008-1044 119 Exec Code Overflow 2008-02-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the Quantum Streaming Player (Quantum Streaming IE Player) ActiveX control (aka QSP2IE.QSP2IE) in qsp2ie07076007.dll 7.7.6.7 and qsp2ie07074039.dll 7.7.4.39 in Move Media Player allows remote attackers to execute arbitrary code via a long argument to the UploadLogs method, a different vector than CVE-2007-4722. NOTE: some of these details are obtained from third party information.
14 CVE-2008-1043 94 Exec Code File Inclusion 2008-02-27 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
15 CVE-2008-1040 119 Exec Code Overflow 2008-02-27 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.
16 CVE-2008-1039 89 Exec Code Sql 2008-02-27 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
17 CVE-2008-0984 399 Exec Code 2008-02-26 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
18 CVE-2008-0973 119 Overflow 2008-02-25 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) 4.5.0.1629, and other 4.5.0.x versions, allows remote attackers to have an unknown impact via a packet with a long string in the username field.
19 CVE-2008-0943 89 Exec Code Sql 2008-02-25 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
20 CVE-2008-0942 89 Exec Code Sql 2008-02-25 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.
21 CVE-2008-0939 89 Exec Code Sql 2008-02-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.
22 CVE-2008-0936 89 Exec Code Sql 2008-02-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
23 CVE-2008-0935 119 Exec Code Overflow 2008-02-25 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.
24 CVE-2008-0934 89 Exec Code Sql 2008-02-25 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
25 CVE-2008-0932 20 Exec Code 2008-02-25 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.
26 CVE-2008-0922 89 Exec Code Sql 2008-02-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
27 CVE-2008-0921 89 Exec Code Sql 2008-02-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
28 CVE-2008-0918 89 Exec Code Sql 2008-02-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
29 CVE-2008-0916 89 Exec Code Sql 2008-02-22 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php.
30 CVE-2008-0912 119 DoS Exec Code Overflow 2008-02-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.
31 CVE-2008-0910 264 Bypass 2008-02-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, F-Secure Protection Service, and others, allow remote attackers to bypass malware detection via a crafted RAR archive. NOTE: this might be related to CVE-2008-0792.
32 CVE-2008-0908 89 Exec Code Sql 2008-02-22 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
33 CVE-2008-0907 89 Exec Code Sql 2008-02-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
34 CVE-2008-0906 89 Exec Code Sql 2008-02-22 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
35 CVE-2008-0904 200 +Info 2008-02-22 2011-03-08
7.8
None Remote Low Not required Complete None None
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
36 CVE-2008-0901 255 2008-02-22 2018-10-15
7.1
None Remote Medium Not required Complete None None
BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not.
37 CVE-2008-0897 264 Bypass 2008-02-22 2011-03-08
7.9
None Remote Medium ??? Complete Complete None
Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptions.
38 CVE-2008-0882 119 DoS Exec Code Overflow 2008-02-21 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
39 CVE-2008-0881 89 Exec Code Sql 2008-02-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
40 CVE-2008-0880 89 Exec Code Sql 2008-02-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
41 CVE-2008-0879 89 Exec Code Sql 2008-02-21 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
42 CVE-2008-0878 89 Exec Code Sql 2008-02-21 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
43 CVE-2008-0874 89 Exec Code Sql 2008-02-21 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
44 CVE-2008-0873 89 Exec Code Sql 2008-02-21 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.
45 CVE-2008-0870 59 2008-02-21 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under certain circumstances, can redirect a user from the https:// URI for the Portal Administration Console to an http URI, which allows remote attackers to sniff the session.
46 CVE-2008-0860 2008-02-21 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
47 CVE-2008-0858 94 Exec Code Overflow 2008-02-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.
48 CVE-2008-0857 89 Exec Code Sql 2008-02-21 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
49 CVE-2008-0856 89 Exec Code Sql 2008-02-21 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
50 CVE-2008-0855 89 Exec Code Sql 2008-02-21 2018-10-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Total number of vulnerabilities: 262 (page 1 of 6)