Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3741 | 1 Drupal | 1 Drupal | 2017-08-07 | 3.5 LOW | N/A |
| The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTML. | |||||
| CVE-2008-3742 | 1 Drupal | 1 Drupal | 2017-08-07 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. | |||||
| CVE-2008-3743 | 1 Drupal | 1 Drupal | 2017-08-07 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH elements. | |||||
| CVE-2008-3744 | 1 Drupal | 1 Drupal | 2017-08-07 | 5.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules. | |||||
| CVE-2008-3745 | 1 Drupal | 2 Drupal, Upload Module | 2017-08-07 | 5.5 MEDIUM | N/A |
| The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. | |||||
| CVE-2008-3746 | 1 Webdav | 1 Neon | 2017-08-07 | 4.3 MEDIUM | N/A |
| neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. | |||||
| CVE-2008-3747 | 1 Wordpress | 1 Wordpress | 2017-08-07 | 7.5 HIGH | N/A |
| The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie. | |||||
| CVE-2008-3752 | 1 Yourfreeworld | 1 Ad-exchange Script | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3753 | 1 Yourfreeworld | 1 Programs Rating Script | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3759 | 1 Lussumo | 1 Vanilla | 2017-08-07 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in ajax/UpdateCheck.php in Vanilla 1.1.4 and earlier has unknown impact and remote attack vectors. | |||||
| CVE-2008-3760 | 1 Lussumo | 1 Vanilla | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the sign-out page in Vanilla 1.1.4 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout via a SignOutNow action to people.php. | |||||
| CVE-2008-3766 | 1 Realtime Internet Band Rehearsal | 1 Low Latency Internet Connection Tool | 2017-08-07 | 5.0 MEDIUM | N/A |
| Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon) before 2.1.2 allows remote attackers to cause a denial of service (application crash) via malformed protocol messages. | |||||
| CVE-2008-3773 | 1 Vbulletin | 1 Vbulletin | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | |||||
| CVE-2008-3774 | 1 Simasy | 1 Simasy Cms | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3776 | 1 Fujitsu | 1 Web Based Admin View | 2017-08-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2008-3777 | 1 Avaya | 3 Communication Manager, S8300c Server, Sip Enablement Services | 2017-08-07 | 2.1 LOW | N/A |
| The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs. | |||||
| CVE-2008-3778 | 1 Avaya | 3 Communication Manager, S8300c Server, Sip Enablement Services | 2017-08-07 | 7.5 HIGH | N/A |
| The remote management interface in SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, proceeds with Core router updates even when a login is invalid, which allows remote attackers to cause a denial of service (messaging outage) or gain privileges via an update request. | |||||
| CVE-2008-3781 | 1 Gmod | 1 Gbrowse | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3782 | 1 Discountedscripts | 1 Acg Ptp | 2017-08-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Category name field under Advertisement Packages, the (2) Reason field under Credit/Debit Users, and the (3) FAQ question and (4) FAQ answer fields under Add New FAQ Entry. | |||||
| CVE-2008-3786 | 1 Picturespro | 1 Picturespro Photo Cart | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka "Gallery or event name" field) in a search action. | |||||