| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2008-3861 |
89 |
|
Exec Code Sql |
2008-08-29 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php. |
|
2 |
CVE-2008-3856 |
264 |
|
|
2008-08-28 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. |
|
3 |
CVE-2008-3854 |
119 |
|
DoS Overflow |
2008-08-28 |
2018-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. |
|
4 |
CVE-2008-3853 |
119 |
|
DoS Exec Code Overflow |
2008-08-28 |
2017-08-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676. |
|
5 |
CVE-2008-3848 |
89 |
|
Exec Code Sql |
2008-08-27 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
6 |
CVE-2008-3845 |
89 |
|
Exec Code Sql |
2008-08-27 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. |
|
7 |
CVE-2008-3844 |
20 |
|
|
2008-08-27 |
2017-08-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known. |
|
8 |
CVE-2008-3838 |
20 |
|
DoS |
2008-08-27 |
2017-08-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global zones, possibly leading to file modifications or a denial of service. |
|
9 |
CVE-2008-3795 |
119 |
|
Overflow |
2008-08-27 |
2017-09-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." |
|
10 |
CVE-2008-3787 |
89 |
|
Exec Code Sql |
2008-08-26 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. |
|
11 |
CVE-2008-3785 |
89 |
|
Exec Code Sql |
2008-08-26 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php. |
|
12 |
CVE-2008-3784 |
89 |
|
Exec Code Sql |
2008-08-26 |
2020-08-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. |
|
13 |
CVE-2008-3780 |
89 |
|
Exec Code Sql |
2008-08-26 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter. |
|
14 |
CVE-2008-3778 |
264 |
|
DoS +Priv |
2008-08-25 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. |
|
15 |
CVE-2008-3774 |
89 |
1
|
Exec Code Sql |
2008-08-22 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
16 |
CVE-2008-3772 |
89 |
|
Exec Code Sql |
2008-08-22 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
|
17 |
CVE-2008-3768 |
89 |
|
Exec Code Sql |
2008-08-22 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors. |
|
18 |
CVE-2008-3767 |
89 |
|
Exec Code Sql |
2008-08-22 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
|
19 |
CVE-2008-3765 |
89 |
1
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
20 |
CVE-2008-3764 |
94 |
|
Exec Code |
2008-08-21 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php. |
|
21 |
CVE-2008-3762 |
89 |
|
Exec Code Sql |
2008-08-21 |
2018-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. |
|
22 |
CVE-2008-3759 |
352 |
|
CSRF |
2008-08-21 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. |
|
23 |
CVE-2008-3757 |
89 |
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
24 |
CVE-2008-3756 |
89 |
1
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
25 |
CVE-2008-3755 |
89 |
1
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter. |
|
26 |
CVE-2008-3754 |
89 |
|
Exec Code Sql |
2008-08-21 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
27 |
CVE-2008-3753 |
89 |
|
Exec Code Sql |
2008-08-21 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
28 |
CVE-2008-3752 |
89 |
|
Exec Code Sql |
2008-08-21 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
29 |
CVE-2008-3751 |
89 |
1
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
30 |
CVE-2008-3750 |
89 |
1
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
31 |
CVE-2008-3749 |
89 |
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
32 |
CVE-2008-3748 |
89 |
|
Exec Code Sql |
2008-08-21 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
33 |
CVE-2008-3747 |
264 |
|
|
2008-08-27 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. |
|
34 |
CVE-2008-3737 |
94 |
|
|
2008-08-27 |
2017-08-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact. |
|
35 |
CVE-2008-3734 |
134 |
|
DoS Exec Code |
2008-08-20 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response). |
|
36 |
CVE-2008-3733 |
119 |
|
DoS Exec Code Overflow |
2008-08-20 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element. |
|
37 |
CVE-2008-3732 |
189 |
|
DoS Exec Code Overflow |
2008-08-20 |
2017-09-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. |
|
38 |
CVE-2008-3729 |
287 |
|
Bypass |
2008-08-20 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie. |
|
39 |
CVE-2008-3725 |
89 |
|
Exec Code Sql |
2008-08-20 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
40 |
CVE-2008-3724 |
89 |
|
Exec Code Sql |
2008-08-20 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter. |
|
41 |
CVE-2008-3722 |
89 |
|
Exec Code Sql |
2008-08-20 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
42 |
CVE-2008-3721 |
94 |
|
Exec Code File Inclusion |
2008-08-20 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. |
|
43 |
CVE-2008-3720 |
89 |
|
Exec Code Sql |
2008-08-20 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679. |
|
44 |
CVE-2008-3719 |
89 |
|
Exec Code Sql |
2008-08-20 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action. |
|
45 |
CVE-2008-3713 |
89 |
|
Exec Code Sql |
2008-08-19 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter. |
|
46 |
CVE-2008-3711 |
89 |
|
Exec Code Sql |
2008-08-19 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action. |
|
47 |
CVE-2008-3707 |
94 |
1
|
Exec Code File Inclusion |
2008-08-19 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation. |
|
48 |
CVE-2008-3706 |
89 |
|
Exec Code Sql |
2008-08-19 |
2017-09-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
|
49 |
CVE-2008-3705 |
119 |
|
Exec Code Overflow |
2008-08-19 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a "very crowded echoServer" attack. NOTE: some of these details are obtained from third party information. |
|
50 |
CVE-2008-3704 |
119 |
|
Exec Code Overflow Mem. Corr. |
2008-08-18 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability." |
