CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2008 (CVSS score >= 7)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 | CVE-2008-3209 | 119 | | Exec Code Overflow | 2008-07-18 | 2017-09-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information.
102 | CVE-2008-3207 | 94 | | Exec Code File Inclusion | 2008-07-18 | 2017-09-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
103 | CVE-2008-3206 | 89 | | Exec Code Sql | 2008-07-18 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter.
104 | CVE-2008-3204 | 89 | | Exec Code Sql | 2008-07-17 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
105 | CVE-2008-3203 | 287 | | | 2008-07-17 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
106 | CVE-2008-3200 | 89 | | Exec Code Sql | 2008-07-17 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.
107 | CVE-2008-3199 | 20 | | DoS | 2008-07-17 | 2017-08-08 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow remote attackers to cause a denial of service (stack consumption) via unknown network traffic with a large "bytes-in-memory/bytes-on-wire ratio."
108 | CVE-2008-3198 | 94 | | Exec Code | 2008-07-17 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.
109 | CVE-2008-3196 | 399 | | | 2008-07-16 | 2012-11-27 | 7.8 | None | Remote | Low | Not required | None | None | Complete
skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.
110 | CVE-2008-3193 | 89 | | Exec Code Sql | 2008-07-16 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.
111 | CVE-2008-3189 | 89 | | Exec Code Sql | 2008-07-16 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager allows remote attackers to execute arbitrary SQL commands via the id parameter.
112 | CVE-2008-3183 | 94 | | Exec Code File Inclusion | 2008-07-15 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter.
113 | CVE-2008-3182 | 119 | | Exec Code Overflow | 2008-07-15 | 2017-09-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
114 | CVE-2008-3179 | 22 | | Dir. Trav. | 2008-07-15 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
115 | CVE-2008-3178 | 20 | | Exec Code | 2008-07-15 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/.
116 | CVE-2008-3169 | 119 | | DoS Exec Code Overflow | 2008-07-14 | 2017-08-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a "coordinate normalization bug." NOTE: some of these details are obtained from third party information.
117 | CVE-2008-3167 | 94 | | Exec Code File Inclusion | 2008-07-14 | 2017-09-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
118 | CVE-2008-3166 | 94 | | Exec Code File Inclusion | 2008-07-14 | 2017-09-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.
119 | CVE-2008-3164 | 22 | | Dir. Trav. | 2008-07-14 | 2017-09-29 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
120 | CVE-2008-3162 | 119 | | DoS Exec Code Overflow | 2008-07-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
121 | CVE-2008-3160 | | | | 2008-07-14 | 2017-08-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors.
122 | CVE-2008-3159 | 189 | | Exec Code Overflow | 2008-07-14 | 2017-08-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
123 | CVE-2008-3156 | 264 | | | 2008-07-11 | 2017-09-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
124 | CVE-2008-3155 | 119 | | DoS Exec Code Overflow | 2008-07-11 | 2017-09-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
125 | CVE-2008-3154 | 89 | | Exec Code Sql | 2008-07-11 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
126 | CVE-2008-3153 | 89 | | Exec Code Sql | 2008-07-11 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
127 | CVE-2008-3152 | 89 | | Exec Code Sql | 2008-07-11 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.
128 | CVE-2008-3151 | 89 | | Exec Code Sql | 2008-07-11 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
129 | CVE-2008-3150 | 22 | | Exec Code Dir. Trav. Bypass | 2008-07-11 | 2017-09-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.
130 | CVE-2008-3149 | 22 | | DoS Dir. Trav. | 2008-07-11 | 2018-10-11 | 7.8 | None | Remote | Low | Not required | None | None | Complete
The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.
131 | CVE-2008-3136 | 89 | | Exec Code Sql | 2008-07-10 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
132 | CVE-2008-3135 | 189 | | DoS | 2008-07-10 | 2018-10-11 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block.
133 | CVE-2008-3132 | 89 | | Exec Code Sql | 2008-07-10 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
134 | CVE-2008-3129 | 89 | | Exec Code Sql | 2008-07-10 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
135 | CVE-2008-3125 | 89 | | Exec Code Sql | 2008-07-10 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
136 | CVE-2008-3124 | 89 | | Exec Code Sql | 2008-07-10 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
137 | CVE-2008-3123 | 89 | | Exec Code Sql | 2008-07-10 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
138 | CVE-2008-3119 | 89 | | Exec Code Sql | 2008-07-10 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.
139 | CVE-2008-3118 | 89 | | Exec Code Sql | 2008-07-10 | 2017-09-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.
140 | CVE-2008-3116 | 134 | | Exec Code | 2008-07-10 | 2018-10-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
141 | CVE-2008-3115 | 16 | | | 2008-07-09 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.
142 | CVE-2008-3113 | 264 | | | 2008-07-09 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
143 | CVE-2008-3112 | 264 | | Dir. Trav. | 2008-07-09 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
144 | CVE-2008-3111 | 119 | | Overflow +Priv | 2008-07-09 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
145 | CVE-2008-3109 | 264 | | +Priv | 2008-07-09 | 2018-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
146 | CVE-2008-3108 | 119 | | Overflow +Priv | 2008-07-09 | 2019-07-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
147 | CVE-2008-3107 | 264 | | +Priv | 2008-07-09 | 2018-10-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
148 | CVE-2008-3105 | 264 | | DoS | 2008-07-09 | 2018-10-11 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
149 | CVE-2008-3103 | 264 | | | 2008-07-09 | 2018-10-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
150 | CVE-2008-3090 | 89 | | Exec Code Sql | 2008-07-09 | 2017-08-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819.
Total number of vulnerabilities: 238 (this is page 3 of 5)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.