CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 | CVE-2008-3321 | 287 | | Bypass | 2008-07-25 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
102 | CVE-2008-3320 | 287 | | Bypass | 2008-07-25 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
103 | CVE-2008-3319 | 287 | | Bypass | 2008-07-25 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
104 | CVE-2008-3318 | 287 | | Bypass | 2008-07-25 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
105 | CVE-2008-3317 | 287 | | Bypass | 2008-07-25 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
106 | CVE-2008-3316 | 79 | | XSS | 2008-07-25 | 2017-08-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc.
107 | CVE-2008-3315 | 79 | | XSS | 2008-07-25 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. NOTE: this may overlap CVE-2006-3257 and CVE-2005-1374.
108 | CVE-2008-3314 | 20 | | DoS | 2008-07-25 | 2018-10-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial
ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted type 6 command, which triggers a NULL pointer dereference.
109 | CVE-2008-3313 | 94 | | Exec Code File Inclusion | 2008-07-25 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
110 | CVE-2008-3312 | 22 | | Dir. Trav. | 2008-07-25 | 2017-08-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Directory traversal vulnerability in lemon_includes/FCKeditor/editor/filemanager/browser/browser.php in Lemon CMS 1.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be an issue in FCKeditor.
111 | CVE-2008-3311 | 94 | | Exec Code File Inclusion | 2008-07-25 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
112 | CVE-2008-3310 | 89 | | Exec Code Sql | 2008-07-25 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.
113 | CVE-2008-3309 | 89 | | Exec Code Sql | 2008-07-25 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
114 | CVE-2008-3308 | 94 | | Exec Code File Inclusion | 2008-07-25 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.
115 | CVE-2008-3307 | 89 | | Exec Code Sql | 2008-07-25 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
116 | CVE-2008-3306 | 89 | | Exec Code Sql | 2008-07-25 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
117 | CVE-2008-3305 | 79 | | XSS | 2008-07-25 | 2017-09-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
118 | CVE-2008-3304 | 200 | | +Info | 2008-07-25 | 2017-10-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None
BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message.
119 | CVE-2008-3303 | 264 | | Bypass | 2008-07-25 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters.
120 | CVE-2008-3302 | 89 | | Exec Code Sql | 2008-07-25 | 2017-09-29 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
121 | CVE-2008-3301 | 79 | | XSS | 2008-07-25 | 2017-10-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. NOTE: some of these details are obtained from third party information.
122 | CVE-2008-3300 | 264 | | Bypass | 2008-07-25 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
123 | CVE-2008-3299 | 287 | | Bypass | 2008-07-25 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
124 | CVE-2008-3298 | 94 | | Exec Code | 2008-07-25 | 2018-10-11 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
125 | CVE-2008-3297 | 89 | | Exec Code Sql | 2008-07-25 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
126 | CVE-2008-3296 | 22 | | Dir. Trav. | 2008-07-25 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Directory traversal vulnerability in modules/system/admin.php in XOOPS 2.0.18 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
127 | CVE-2008-3295 | 79 | | XSS | 2008-07-25 | 2017-08-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in XOOPS 2.0.18.1 allows remote attackers to inject arbitrary web script or HTML via the fct parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
128 | CVE-2008-3294 | 94 | | Exec Code | 2008-07-24 | 2018-10-11 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.
129 | CVE-2008-3293 | 22 | | Dir. Trav. | 2008-07-24 | 2018-10-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.
130 | CVE-2008-3292 | 287 | | +Priv Bypass | 2008-07-24 | 2017-09-29 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.
131 | CVE-2008-3291 | 89 | | Exec Code Sql | 2008-07-24 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
132 | CVE-2008-3290 | 399 | | DoS Mem. Corr. | 2008-07-24 | 2018-10-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via a series of long packets containing 0x00 characters to TCP port 497 that trigger memory corruption, probably involving an English product version on a Chinese OS version.
133 | CVE-2008-3289 | 200 | | +Info | 2008-07-24 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.
134 | CVE-2008-3288 | 310 | | | 2008-07-24 | 2018-10-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords.
135 | CVE-2008-3287 | 20 | | DoS | 2008-07-24 | 2018-10-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial
retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows remote attackers to cause a denial of service (daemon crash) via malformed packets to TCP port 497, which trigger a NULL pointer dereference.
136 | CVE-2008-3286 | 20 | | DoS | 2008-07-24 | 2017-08-08 | 5.0 | None | Remote | Low | Not required | None | None | Partial
SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.
137 | CVE-2008-3285 | 94 | | Exec Code | 2008-07-24 | 2018-10-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
138 | CVE-2008-3269 | 399 | | DoS | 2008-07-24 | 2017-09-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
139 | CVE-2008-3268 | 264 | | +Priv Bypass | 2008-07-24 | 2017-08-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when useLogonName is enabled, allows remote attackers with administrator email address knowledge to bypass restrictions and gain privileges via unspecified vectors related to login names. NOTE: some of these details are obtained from third party information.
140 | CVE-2008-3267 | 89 | | Exec Code Sql | 2008-07-24 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
141 | CVE-2008-3266 | 89 | | Exec Code Sql | 2008-07-24 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.
142 | CVE-2008-3265 | 89 | | Exec Code Sql | 2008-07-24 | 2017-09-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
143 | CVE-2008-3264 | 287 | | DoS | 2008-07-24 | 2018-10-11 | 7.8 | None | Remote | Low | Not required | None | None | Complete
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
144 | CVE-2008-3263 | 399 | | DoS | 2008-07-22 | 2018-10-11 | 7.8 | None | Remote | Low | Not required | None | None | Complete
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
145 | CVE-2008-3262 | 352 | | CSRF | 2008-07-22 | 2018-10-11 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
146 | CVE-2008-3261 | 59 | | | 2008-07-22 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
147 | CVE-2008-3260 | 79 | | XSS | 2008-07-22 | 2018-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via (1) the cwd parameter in a rqMkHtml action to document/rqmkhtml.php, or the query string to (2) announcements/announcements.php, (3) calendar/agenda.php, (4) course/index.php, (5) course_description/index.php, (6) document/document.php, (7) exercise/exercise.php, (8) group/group_space.php, (9) phpbb/newtopic.php, (10) phpbb/reply.php, (11) phpbb/viewtopic.php, (12) wiki/wiki.php, or (13) work/work.php in claroline/.
148 | CVE-2008-3259 | 200 | | +Info | 2008-07-22 | 2017-08-08 | 1.2 | None | Local | High | Not required | Partial | None | None
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
149 | CVE-2008-3258 | 89 | | Exec Code Sql | 2008-07-22 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
150 | CVE-2008-3257 | 119 | | Exec Code Overflow | 2008-07-22 | 2017-09-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
Total number of vulnerabilities: 517. Page 3 of 11.