CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2008-3377 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
52 CVE-2008-3376 264 2008-07-30 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
53 CVE-2008-3375 287 Bypass 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie.
54 CVE-2008-3374 89 Exec Code Sql 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
55 CVE-2008-3373 189 DoS 2008-07-30 2018-10-11
5.0
None Remote Low Not required None None Partial
The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.
56 CVE-2008-3372 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
57 CVE-2008-3371 22 Dir. Trav. 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
58 CVE-2008-3370 89 Exec Code Sql 2008-07-30 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.
59 CVE-2008-3369 89 Exec Code Sql 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
60 CVE-2008-3368 94 Exec Code File Inclusion 2008-07-30 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter.
61 CVE-2008-3367 79 XSS 2008-07-30 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web Wiz Rich Text Editor (RTE) 3.x and 4.x before 4.03 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
62 CVE-2008-3366 89 Exec Code Sql 2008-07-30 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.
63 CVE-2008-3365 22 Dir. Trav. 2008-07-30 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on Windows, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language_full parameter.
64 CVE-2008-3364 119 Exec Code Overflow 2008-07-30 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.
65 CVE-2008-3363 22 Dir. Trav. 2008-07-30 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include parameter.
66 CVE-2008-3362 20 Exec Code 2008-07-30 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
67 CVE-2008-3361 119 Exec Code Overflow 2008-07-29 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
68 CVE-2008-3360 119 Exec Code Overflow 2008-07-29 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
69 CVE-2008-3359 89 Exec Code Sql 2008-07-29 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
70 CVE-2008-3355 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
71 CVE-2008-3354 94 Exec Code File Inclusion 2008-07-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
72 CVE-2008-3353 79 XSS 2008-07-28 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Pure Software Lore before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) article comments feature and the (2) search log feature.
73 CVE-2008-3352 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
74 CVE-2008-3351 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
75 CVE-2008-3350 DoS 2008-07-28 2017-08-08
5.0
None Remote Low Not required None None Partial
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
76 CVE-2008-3349 264 DoS Exec Code +Info 2008-07-28 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.
77 CVE-2008-3348 79 XSS 2008-07-28 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the year parameter.
78 CVE-2008-3347 89 Exec Code Sql 2008-07-28 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
79 CVE-2008-3346 89 Exec Code Sql 2008-07-28 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
80 CVE-2008-3345 89 Exec Code Sql 2008-07-28 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.
81 CVE-2008-3344 79 XSS 2008-07-28 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a allow remote attackers to inject arbitrary web script or HTML via the (1) ResultHtml, (2) dir, (3) SenderName, (4) RecipientName, (5) SenderMail, and (6) RecipientMail parameters.
82 CVE-2008-3343 89 Exec Code Sql 2008-07-28 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.
83 CVE-2008-3342 79 XSS 2008-07-28 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr allows remote attackers to inject arbitrary web script or HTML via the read parameter in an edp_News action.
84 CVE-2008-3341 89 Exec Code Sql 2008-07-28 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
85 CVE-2008-3340 79 XSS 2008-07-28 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search_result.cfm in Jobbex JobSite allows remote attackers to inject arbitrary web script or HTML via the searchFor variable (possibly the opt parameter.)
86 CVE-2008-3339 200 +Info 2008-07-28 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.
87 CVE-2008-3336 79 XSS 2008-07-27 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
88 CVE-2008-3335 94 2008-07-27 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
89 CVE-2008-3334 79 XSS 2008-07-27 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
90 CVE-2008-3333 22 Dir. Trav. 2008-07-27 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in core/lang_api.php in Mantis before 1.1.2 allows remote attackers to include and execute arbitrary files via the language parameter to the user preferences page (account_prefs_update.php).
91 CVE-2008-3332 94 Exec Code 2008-07-27 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter.
92 CVE-2008-3331 79 XSS 2008-07-27 2017-09-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
93 CVE-2008-3330 79 XSS 2008-07-27 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
94 CVE-2008-3329 59 2008-07-27 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
95 CVE-2008-3328 79 XSS 2008-07-27 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
96 CVE-2008-3327 200 +Info 2008-07-25 2018-10-11
4.3
None Remote Medium Not required Partial None None
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
97 CVE-2008-3326 79 XSS 2008-07-25 2020-12-01
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
98 CVE-2008-3325 352 +Priv CSRF 2008-07-25 2018-11-01
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
99 CVE-2008-3323 20 Exec Code 2008-07-28 2018-10-11
7.6
None Remote High Not required Complete Complete Complete
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
100 CVE-2008-3322 287 Bypass 2008-07-25 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
Total number of vulnerabilities: 517. Page: 2 of 11.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.