CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2008 (CVSS score >= 7)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-3430 119 1 Exec Code Overflow 2008-07-31 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer.
2 CVE-2008-3424 264 Bypass 2008-07-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions.
3 CVE-2008-3420 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
4 CVE-2008-3419 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.
5 CVE-2008-3418 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
6 CVE-2008-3417 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.
7 CVE-2008-3416 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
8 CVE-2008-3415 22 Dir. Trav. 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in common.php in CMScout 2.05, when .htaccess is not supported, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bit parameter, as demonstrated by an upload to avatar/ of a .jpg file containing PHP sequences.
9 CVE-2008-3414 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.
10 CVE-2008-3413 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
11 CVE-2008-3412 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
12 CVE-2008-3411 287 2008-07-31 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
13 CVE-2008-3409 119 DoS Exec Code Overflow Mem. Corr. 2008-07-31 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a UDP packet containing a large value in a certain size field, followed by a data string of that size, aka attack 1 in ut3mendo.c.
14 CVE-2008-3406 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
15 CVE-2008-3403 89 Exec Code Sql 2008-07-31 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
16 CVE-2008-3402 94 Exec Code File Inclusion 2008-07-31 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
17 CVE-2008-3401 94 Exec Code File Inclusion 2008-07-31 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
18 CVE-2008-3393 89 Exec Code Sql 2008-07-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.
19 CVE-2008-3388 89 Exec Code Sql 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
20 CVE-2008-3387 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
21 CVE-2008-3386 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
22 CVE-2008-3384 22 Dir. Trav. 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2) file parameters.
23 CVE-2008-3383 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.
24 CVE-2008-3382 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
25 CVE-2008-3378 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
26 CVE-2008-3377 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
27 CVE-2008-3376 264 2008-07-30 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
28 CVE-2008-3375 287 Bypass 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
29 CVE-2008-3374 89 Exec Code Sql 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
30 CVE-2008-3372 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
31 CVE-2008-3371 22 Dir. Trav. 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
32 CVE-2008-3370 89 Exec Code Sql 2008-07-30 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.
33 CVE-2008-3369 89 Exec Code Sql 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
34 CVE-2008-3366 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.
35 CVE-2008-3364 119 Exec Code Overflow 2008-07-30 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.
36 CVE-2008-3363 22 Dir. Trav. 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
37 CVE-2008-3362 20 Exec Code 2008-07-30 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
38 CVE-2008-3361 119 Exec Code Overflow 2008-07-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
39 CVE-2008-3360 119 Exec Code Overflow 2008-07-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
40 CVE-2008-3359 89 Exec Code Sql 2008-07-29 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
41 CVE-2008-3355 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
42 CVE-2008-3354 94 Exec Code File Inclusion 2008-07-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
43 CVE-2008-3352 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
44 CVE-2008-3351 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
45 CVE-2008-3349 264 DoS Exec Code +Info 2008-07-28 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.
46 CVE-2008-3347 89 Exec Code Sql 2008-07-28 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
47 CVE-2008-3346 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
48 CVE-2008-3343 89 Exec Code Sql 2008-07-28 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.
49 CVE-2008-3341 89 Exec Code Sql 2008-07-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
50 CVE-2008-3335 94 2008-07-27 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
Total number of vulnerabilities: 238 (page 1 of 5)