CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2008-3151 89 Exec Code Sql 2008-07-11 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
252 CVE-2008-3150 22 Exec Code Dir. Trav. Bypass 2008-07-11 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.
253 CVE-2008-3149 22 DoS Dir. Trav. 2008-07-11 2018-10-11
7.8
None Remote Low Not required None None Complete
The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote attackers to cause a denial of service (daemon crash) by walking the hrSWInstalled OID branch in HOST-RESOURCES-MIB.
254 CVE-2008-3148 119 Exec Code Overflow 2008-07-11 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f allows user-assisted attackers to execute arbitrary code via a crafted DLL file that contains a long string.
255 CVE-2008-3147 200 +Info 2008-07-11 2018-10-11
4.7
None Local Medium Not required Complete None None
WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which allows local users to obtain sensitive information by reading these files.
256 CVE-2008-3145 20 DoS 2008-07-16 2018-10-11
5.0
None Remote Low Not required None None Partial
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buffer over-read.
257 CVE-2008-3141 200 +Info 2008-07-10 2018-10-11
4.9
None Local Low Not required Complete None None
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
258 CVE-2008-3140 DoS 2008-07-10 2018-10-11
5.0
None Remote Low Not required None None Partial
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."
259 CVE-2008-3139 200 DoS +Info 2008-07-10 2018-10-11
5.0
None Remote Low Not required None None Partial
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
260 CVE-2008-3138 200 DoS +Info 2008-07-10 2018-10-11
5.0
None Remote Low Not required None None Partial
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
261 CVE-2008-3137 20 DoS 2008-07-10 2018-10-11
4.3
None Remote Medium Not required None None Partial
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
262 CVE-2008-3136 89 Exec Code Sql 2008-07-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
263 CVE-2008-3135 189 DoS 2008-07-10 2018-10-11
7.8
None Remote Low Not required None None Complete
Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block.
264 CVE-2008-3134 399 DoS 2008-07-10 2017-08-08
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.
265 CVE-2008-3133 89 Exec Code Sql 2008-07-10 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.
266 CVE-2008-3132 89 Exec Code Sql 2008-07-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
267 CVE-2008-3131 89 Exec Code Sql 2008-07-10 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.
268 CVE-2008-3130 79 XSS 2008-07-10 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
269 CVE-2008-3129 89 Exec Code Sql 2008-07-10 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
270 CVE-2008-3128 22 Dir. Trav. 2008-07-10 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
271 CVE-2008-3127 20 Exec Code File Inclusion 2008-07-10 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
272 CVE-2008-3126 119 Exec Code Overflow 2008-07-10 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.
273 CVE-2008-3125 89 Exec Code Sql 2008-07-10 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
274 CVE-2008-3124 89 Exec Code Sql 2008-07-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
275 CVE-2008-3123 89 Exec Code Sql 2008-07-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
276 CVE-2008-3122 89 Exec Code Sql 2008-07-10 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors.
277 CVE-2008-3121 79 XSS 2008-07-10 2017-08-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
278 CVE-2008-3119 89 Exec Code Sql 2008-07-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.
279 CVE-2008-3118 89 Exec Code Sql 2008-07-10 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.
280 CVE-2008-3117 20 Exec Code 2008-07-10 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/.
281 CVE-2008-3116 134 Exec Code 2008-07-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
282 CVE-2008-3115 16 2008-07-09 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases.
283 CVE-2008-3114 200 +Info 2008-07-09 2018-10-30
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.
284 CVE-2008-3113 264 2008-07-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
285 CVE-2008-3112 264 Dir. Trav. 2008-07-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
286 CVE-2008-3111 119 Overflow +Priv 2008-07-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
287 CVE-2008-3110 264 +Info 2008-07-09 2018-10-11
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet.
288 CVE-2008-3109 264 +Priv 2008-07-09 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
289 CVE-2008-3108 119 Overflow +Priv 2008-07-09 2019-07-31
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
290 CVE-2008-3107 264 +Priv 2008-07-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
291 CVE-2008-3106 264 2008-07-09 2018-10-11
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105.
292 CVE-2008-3105 264 DoS 2008-07-09 2018-10-11
8.3
None Remote Medium Not required Partial Partial Complete
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application.
293 CVE-2008-3104 264 2008-07-09 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.
294 CVE-2008-3103 264 2008-07-09 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
295 CVE-2008-3100 79 XSS 2008-07-29 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter in a getpasswd action to register.php.
296 CVE-2008-3097 79 XSS 2008-07-09 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term.
297 CVE-2008-3096 264 +Priv 2008-07-09 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each content reader's authentication level to match that of the content author, which might allow remote attackers to gain privileges.
298 CVE-2008-3095 79 XSS 2008-07-09 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.
299 CVE-2008-3094 200 +Info 2008-07-09 2021-04-15
4.3
None Remote Medium Not required Partial None None
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
300 CVE-2008-3093 94 Exec Code 2008-07-09 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type.
Total number of vulnerabilities : 517   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.