CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2008-3952 89 Exec Code Sql 2008-09-11 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
252 CVE-2008-3951 89 Exec Code Sql 2008-09-11 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter.
253 CVE-2008-3950 189 DoS 2008-09-16 2018-10-11
5.0
None Remote Low Not required None None Partial
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
254 CVE-2008-3949 94 Exec Code 2008-09-22 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
255 CVE-2008-3948 89 Exec Code Sql 2008-09-05 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.
256 CVE-2008-3947 20 +Priv 2008-09-05 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain privileges via a long command line.
257 CVE-2008-3946 59 2008-09-05 2017-08-08
4.9
None Local Low Not required Complete None None
The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file.
258 CVE-2008-3945 89 Exec Code Sql 2008-09-05 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
259 CVE-2008-3944 89 Exec Code Sql 2008-09-05 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
260 CVE-2008-3943 89 Exec Code Sql 2008-09-05 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter.
261 CVE-2008-3942 89 1 Exec Code Sql 2008-09-05 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
262 CVE-2008-3941 79 XSS 2008-09-05 2009-01-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.
263 CVE-2008-3940 134 +Priv 2008-09-05 2017-08-08
4.4
None Local Medium Not required Partial Partial Partial
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file.
264 CVE-2008-3939 22 Dir. Trav. 2008-09-05 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
265 CVE-2008-3938 352 CSRF 2008-09-05 2008-09-05
5.8
None Remote Medium Not required None Partial Partial
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.
266 CVE-2008-3937 79 XSS 2008-09-05 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.
267 CVE-2008-3936 20 DoS 2008-09-05 2018-10-11
7.8
None Remote Low Not required None None Complete
The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI.
268 CVE-2008-3935 79 XSS 2008-09-05 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
269 CVE-2008-3934 20 DoS 2008-09-04 2018-10-11
3.3
None Local Network Low Not required None None Partial
Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 through 1.0.2 allows attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.
270 CVE-2008-3933 20 DoS 2008-09-04 2018-10-11
3.3
None Local Network Low Not required None None Partial
Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers to cause a denial of service (crash) via a packet with crafted zlib-compressed data that triggers an invalid read in the tvb_uncompress function.
271 CVE-2008-3932 20 DoS 2008-09-04 2018-10-11
5.0
None Remote Low Not required None None Partial
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of service (hang) via a crafted NCP packet that triggers an infinite loop.
272 CVE-2008-3931 59 2008-09-04 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
273 CVE-2008-3930 59 2008-09-04 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
274 CVE-2008-3929 59 2008-09-04 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
gather-messages.sh in Ampache 3.4.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/filelist temporary file.
275 CVE-2008-3928 59 2008-09-04 2017-08-08
6.9
None Local Medium Not required Complete Complete Complete
test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary files via a symlink attack on a temporary file.
276 CVE-2008-3927 59 2008-09-04 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.
277 CVE-2008-3926 22 Dir. Trav. 2008-09-04 2017-09-29
5.8
None Remote Medium Not required Partial Partial None
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php.
278 CVE-2008-3925 352 CSRF 2008-09-04 2017-09-29
4.3
None Remote Medium Not required None None Partial
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.
279 CVE-2008-3924 264 2008-09-04 2017-09-29
4.3
None Remote Medium Not required Partial None None
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.
280 CVE-2008-3923 79 XSS 2008-09-04 2017-09-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
281 CVE-2008-3922 94 1 Exec Code 2008-09-04 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
282 CVE-2008-3921 79 XSS 2008-09-04 2018-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameter.
283 CVE-2008-3920 264 2008-09-04 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.
284 CVE-2008-3919 94 Exec Code 2008-09-04 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
285 CVE-2008-3918 89 Exec Code Sql 2008-09-04 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
286 CVE-2008-3917 79 XSS 2008-09-04 2018-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.
287 CVE-2008-3916 119 Exec Code Overflow 2008-09-04 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
288 CVE-2008-3915 119 Overflow 2008-09-11 2017-08-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.
289 CVE-2008-3914 200 +Info 2008-09-11 2020-11-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
290 CVE-2008-3913 401 DoS 2008-09-11 2020-11-10
5.0
None Remote Low Not required None None Partial
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
291 CVE-2008-3912 399 DoS 2008-09-11 2020-11-09
5.0
None Remote Low Not required None None Partial
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
292 CVE-2008-3911 119 Overflow 2008-09-04 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.
293 CVE-2008-3910 189 2008-09-04 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.
294 CVE-2008-3909 352 CSRF 2008-09-04 2011-03-08
5.8
None Remote Medium Not required None Partial Partial
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.
295 CVE-2008-3908 119 Exec Code Overflow 2008-09-04 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.
296 CVE-2008-3907 20 Exec Code 2008-09-04 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.
297 CVE-2008-3906 20 Http R.Spl. 2008-09-04 2018-10-11
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
298 CVE-2008-3905 287 2008-09-04 2018-10-03
5.8
None Remote Medium Not required None Partial Partial
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
299 CVE-2008-3904 20 Exec Code 2008-09-04 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
300 CVE-2008-3903 200 +Info 2008-09-04 2017-08-08
3.5
None Remote Medium ??? Partial None None
Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.
Total number of vulnerabilities : 449   Page : 1 2 3 4 5 6 (This Page)7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.