CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2008-3205 22 Dir. Trav. 2008-07-17 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in Easy-Script Wysi Wiki Wyg 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
202 CVE-2008-3204 89 Exec Code Sql 2008-07-17 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
203 CVE-2008-3203 287 2008-07-17 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform authentication, which allows remote attackers to add, edit, and delete web content via a modified id parameter.
204 CVE-2008-3202 79 XSS 2008-07-17 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the current_url parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
205 CVE-2008-3201 79 XSS 2008-07-17 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Pagefusion 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) acct_fname and (2) acct_lname parameters in an edit action, and the (3) PID, (4) PGID, and (5) rez parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
206 CVE-2008-3200 89 Exec Code Sql 2008-07-17 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.
207 CVE-2008-3199 20 DoS 2008-07-17 2017-08-08
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow remote attackers to cause a denial of service (stack consumption) via unknown network traffic with a large "bytes-in-memory/bytes-on-wire ratio."
208 CVE-2008-3198 94 Exec Code 2008-07-17 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.
209 CVE-2008-3197 352 CSRF 2008-07-16 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.
210 CVE-2008-3196 399 2008-07-16 2012-11-27
7.8
None Remote Low Not required None None Complete
skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.
211 CVE-2008-3194 22 Dir. Trav. 2008-07-16 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in data/inc/themes/predefined_variables.php in pluck 4.5.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) langpref, (2) file, (3) blogpost, or (4) cat parameter.
212 CVE-2008-3193 89 Exec Code Sql 2008-07-16 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.
213 CVE-2008-3192 22 Dir. Trav. 2008-07-16 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
214 CVE-2008-3191 89 Exec Code Sql 2008-07-16 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.
215 CVE-2008-3190 22 Exec Code Dir. Trav. 2008-07-16 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
216 CVE-2008-3189 89 Exec Code Sql 2008-07-16 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager allows remote attackers to execute arbitrary SQL commands via the id parameter.
217 CVE-2008-3188 326 2008-07-22 2021-03-30
5.0
None Remote Low Not required Partial None None
libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the configuration specifies the MD5 algorithm, which makes it easier for attackers to conduct brute-force attacks against hashed passwords.
218 CVE-2008-3187 20 DoS 2008-07-21 2017-08-08
5.0
None Remote Low Not required None None Partial
zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 does not ask the user before accepting repository keys, which allows remote repositories to cause a denial of service (package data corruption) via a spoofed key.
219 CVE-2008-3186 79 XSS 2008-07-15 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
220 CVE-2008-3185 89 Exec Code Sql 2008-07-15 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
221 CVE-2008-3184 79 Exec Code XSS 2008-07-15 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code.
222 CVE-2008-3183 94 Exec Code File Inclusion 2008-07-15 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter.
223 CVE-2008-3182 119 Exec Code Overflow 2008-07-15 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
224 CVE-2008-3181 20 Exec Code 2008-07-15 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in upload.php in ContentNow CMS 1.4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/.
225 CVE-2008-3180 79 XSS 2008-07-15 2017-09-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in upload/file/language_menu.php in ContentNow CMS 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) pageid parameter or (2) PATH_INFO.
226 CVE-2008-3179 22 Dir. Trav. 2008-07-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in website.php in Web 2 Business (W2B) phpDatingClub (aka Dating Club) 3.7 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
227 CVE-2008-3178 20 Exec Code 2008-07-15 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in upload_pictures.php in WebXell Editor 0.1.3 allows remote attackers to execute arbitrary code by uploading a .php file with a jpeg content type, then accessing it via a direct request to the file in upload/.
228 CVE-2008-3177 16 DoS 2008-07-15 2017-08-08
5.0
None Remote Low Not required None None Partial
Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.
229 CVE-2008-3173 264 2008-07-14 2021-07-23
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer allows web sites to set cookies for domains that have a public suffix with more than one dot character, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking." NOTE: this issue may exist because of an insufficient fix for CVE-2004-0866.
230 CVE-2008-3172 264 2008-07-14 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
231 CVE-2008-3171 200 +Info 2008-07-14 2017-08-08
5.0
None Remote Low Not required Partial None None
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
232 CVE-2008-3170 264 2008-07-14 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867.
233 CVE-2008-3169 119 DoS Exec Code Overflow 2008-07-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a "coordinate normalization bug." NOTE: some of these details are obtained from third party information.
234 CVE-2008-3168 200 +Info 2008-07-14 2017-08-08
5.0
None Remote Low Not required Partial None None
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
235 CVE-2008-3167 94 Exec Code File Inclusion 2008-07-14 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
236 CVE-2008-3166 94 Exec Code File Inclusion 2008-07-14 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.
237 CVE-2008-3165 22 Dir. Trav. 2008-07-14 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter, as demonstrated using content.php, a different vector than CVE-2007-4805.
238 CVE-2008-3164 22 Dir. Trav. 2008-07-14 2017-09-29
7.6
None Remote High Not required Complete Complete Complete
Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter. NOTE: it was later reported that 3.01a is also affected.
239 CVE-2008-3163 22 Dir. Trav. 2008-07-14 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dodosmail_header_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
240 CVE-2008-3162 119 DoS Exec Code Overflow 2008-07-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
241 CVE-2008-3161 79 XSS 2008-07-14 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
242 CVE-2008-3160 2008-07-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors.
243 CVE-2008-3159 189 Exec Code Overflow 2008-07-14 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
244 CVE-2008-3158 264 2008-07-11 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in NWFS.SYS in Novell Client for Windows 4.91 SP4 has unknown impact and attack vectors, possibly related to IOCTL requests that overwrite arbitrary memory.
245 CVE-2008-3157 399 DoS 2008-07-11 2017-08-08
5.0
None Remote Low Not required None None Partial
Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions.
246 CVE-2008-3156 264 2008-07-11 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
247 CVE-2008-3155 119 DoS Exec Code Overflow 2008-07-11 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
248 CVE-2008-3154 89 Exec Code Sql 2008-07-11 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
249 CVE-2008-3153 89 Exec Code Sql 2008-07-11 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
250 CVE-2008-3152 89 Exec Code Sql 2008-07-11 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.
Total number of vulnerabilities : 517   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.