CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2008

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2008-3092 89 Exec Code Sql 2008-07-09 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.
302 CVE-2008-3091 79 XSS 2008-07-09 2017-08-08
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.
303 CVE-2008-3090 89 Exec Code Sql 2008-07-09 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819.
304 CVE-2008-3089 89 Exec Code Sql 2008-07-09 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
305 CVE-2008-3088 79 XSS 2008-07-09 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.
306 CVE-2008-3087 22 Dir. Trav. 2008-07-09 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to index.php, possibly related to the phpManual module.
307 CVE-2008-3083 89 Exec Code Sql 2008-07-09 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
308 CVE-2008-3082 79 XSS 2008-07-09 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
309 CVE-2008-3081 20 Exec Code 2008-07-09 2017-08-08
6.5
None Remote Low ??? Partial Partial Partial
Multiple unspecified "input validation" vulnerabilities in the Web management interface (aka Messaging Administration interface) in Avaya Message Storage Server (MSS) 3.x and 4.0, and possibly Communication Manager 3.1.x, allow remote authenticated administrators to execute arbitrary commands as user vexvm via vectors related to (1) SFTP Remote Store configuration; (2) remote FTP storage settings; (3) name server lookup; (4) pinging another host; (5) TCP/IP Networking parameter configuration; (6) the external hosts configuration main page; (7) adding and changing external hosts; (8) Windows domain parameter configuration; (9) date, time, and NTP server configuration; (10) alarm settings; (11) the command line history form; (12) the maintenance form; and (13) the server events form.
310 CVE-2008-3080 352 Exec Code CSRF 2008-07-09 2017-09-29
5.1
None Remote High Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.
311 CVE-2008-3079 Exec Code 2008-07-09 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
312 CVE-2008-3078 200 +Info 2008-07-09 2017-08-08
7.8
None Remote Low Not required Complete None None
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.
313 CVE-2008-3077 416 DoS 2008-07-09 2020-07-31
4.9
None Local Low Not required None None Complete
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact via unknown vectors, possibly a use-after-free vulnerability.
314 CVE-2008-3073 XSS 2008-07-08 2012-11-27
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."
315 CVE-2008-3072 189 2008-07-08 2012-11-27
7.5
None Remote Low Not required Partial Partial Partial
Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
316 CVE-2008-3071 22 Dir. Trav. 2008-07-08 2012-11-27
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in inc/class_language.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $language variable.
317 CVE-2008-3070 89 Sql 2008-07-08 2012-11-27
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
318 CVE-2008-3069 79 XSS 2008-07-08 2012-11-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.
319 CVE-2008-3068 +Info 2008-07-07 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
320 CVE-2008-3067 255 2008-07-07 2017-08-08
2.1
None Local Low Not required Partial None None
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
321 CVE-2008-3066 119 Exec Code Overflow 2008-07-28 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.
322 CVE-2008-3064 264 2008-07-28 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
323 CVE-2008-3056 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
324 CVE-2008-3055 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
325 CVE-2008-3054 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
326 CVE-2008-3053 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
327 CVE-2008-3052 399 DoS 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to cause a denial of service via unknown vectors.
328 CVE-2008-3051 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
329 CVE-2008-3050 399 DoS 2008-07-07 2017-08-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to cause a denial of service via unspecified vectors.
330 CVE-2008-3049 200 +Info 2008-07-07 2017-08-08
5.0
None Remote Low Not required Partial None None
The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 allows attackers to obtain sensitive information via unspecified vectors.
331 CVE-2008-3048 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."
332 CVE-2008-3047 264 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors.
333 CVE-2008-3046 264 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in the Packman (kb_packman) extension 0.2.1 and earlier for TYPO3 has unknown impact and attack vectors.
334 CVE-2008-3045 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Industry Database (aka Branchendatenbank pro_industrydb) extension 1.0.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Insufficient Verification of Data Authenticity."
335 CVE-2008-3044 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
336 CVE-2008-3043 94 Exec Code 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
337 CVE-2008-3042 264 2008-07-07 2017-08-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling."
338 CVE-2008-3041 264 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "broken access control."
339 CVE-2008-3040 200 +Info 2008-07-07 2017-08-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors.
340 CVE-2008-3039 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
341 CVE-2008-3038 89 Exec Code Sql 2008-07-07 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
342 CVE-2008-3037 79 XSS 2008-07-07 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
343 CVE-2008-3036 22 Dir. Trav. 2008-07-07 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in CMS little 0.0.1 allows remote attackers to include and execute arbitrary local files, and probably remote files, via a .. (dot dot) in the template parameter.
344 CVE-2008-3035 89 Exec Code Sql 2008-07-07 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.
345 CVE-2008-3034 89 Exec Code Sql 2008-07-07 2018-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
346 CVE-2008-3033 287 2008-07-07 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
347 CVE-2008-3032 79 XSS 2008-07-07 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
348 CVE-2008-3031 22 Dir. Trav. 2008-07-07 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
349 CVE-2008-3030 89 Exec Code Sql 2008-07-07 2017-09-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.
350 CVE-2008-3029 79 XSS 2008-07-07 2017-08-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities: 517 (page 7 of 11)