Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6514 | 1 Compiz | 1 Compiz Fusion | 2017-08-16 | 6.2 MEDIUM | N/A |
| The Expo plugin in Compiz Fusion 0.7.8 allows local users with physical access to drag the screen saver aside and access the locked desktop by using Expo mouse shortcuts, a related issue to CVE-2007-3920. | |||||
| CVE-2008-6515 | 1 Vclcomponents | 1 Yappa-ng | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. | |||||
| CVE-2008-6516 | 1 Phpkf | 1 Phpkf-portal | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6520 | 1 Imatix | 1 Xitami | 2017-08-16 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel. | |||||
| CVE-2008-6531 | 1 Atlassian | 1 Jira | 2017-08-16 | 6.8 MEDIUM | N/A |
| The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." | |||||
| CVE-2008-6532 | 1 Drupal | 1 Drupal | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database. | |||||
| CVE-2008-6533 | 1 Drupal | 1 Drupal | 2017-08-16 | 4.3 MEDIUM | N/A |
| Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related content when an input format is deleted, which prevents the content from being properly filtered and allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2008-6536 | 1 7-zip | 1 7-zip | 2017-08-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10). | |||||
| CVE-2008-6542 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-08-16 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform "server-side execution of application logic" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files. | |||||
| CVE-2008-6543 | 1 Comscripts | 1 Quick Classifieds | 2017-08-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc. | |||||
| CVE-2008-6544 | 1 Simple Machines | 1 Simple Machines Forum | 2017-08-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request. | |||||
| CVE-2008-6545 | 1 Comscripts | 1 Web Server Creator Web Portal | 2017-08-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6547 | 1 Formencode | 1 Formencode | 2017-08-16 | 7.5 HIGH | N/A |
| schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2008-6550 | 1 Davidbourrier | 1 Glossaire | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6560 | 1 Redhat | 3 Cman, Fedora, Linux | 2017-08-16 | 7.8 HIGH | N/A |
| Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it is not clear whether this issue crosses privilege boundaries in realistic uses of the product. | |||||
| CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2017-08-16 | 1.9 LOW | N/A |
| Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | |||||
| CVE-2008-6562 | 1 Jax Scripts | 1 Jax Linklists | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6564 | 1 Nortel | 2 Communication Server 1000, Unistim Protocol | 2017-08-16 | 7.6 HIGH | N/A |
| Nortel UNIStim protocol, as used in Communication Server 1000 and other products, uses predictable sequence numbers, which allows remote attackers to hijack sessions via sniffing or brute force attacks. | |||||
| CVE-2008-6599 | 1 Jath Pala | 1 Cookiecheck | 2017-08-16 | 5.0 MEDIUM | N/A |
| cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path." | |||||
| CVE-2008-6601 | 1 Epona | 1 Epona | 2017-08-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors. | |||||