Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4635 | 2 Hisanaga Electric Co, Xoops | 2 Hisa Cart, Xoops | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 and earlier, a module for XOOPS, allows remote attackers to obtain sensitive user information via unknown vectors. | |||||
| CVE-2008-4637 | 1 Cpcommerce | 1 Cpcommerce | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the advanced search feature. NOTE: this is probably a variant of CVE-2008-4121. | |||||
| CVE-2008-4647 | 1 Sweetcms | 1 Sweetcms | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-4648 | 1 Elxis | 1 Elxis Cms | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contact_id parameters. NOTE: the error might be located in modules/mod_language.php, and index.php might be the interaction point. | |||||
| CVE-2008-4649 | 1 Elxis | 1 Elxis Cms | 2017-08-07 | 7.5 HIGH | N/A |
| Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | |||||
| CVE-2008-4651 | 1 Jetbox | 1 Jetbox Cms | 2017-08-07 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php. | |||||
| CVE-2008-4660 | 1 Typo3 | 2 M1 Intern, Typo3 | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4663 | 1 Kumacchi | 1 Ks Cgi Access Log | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used in K's CGI Access Log Kaiseki (1) jcode.pl and (2) Jcode.pm, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4664 | 1 Qvod | 1 Qvod Player | 2017-08-07 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4669 | 1 Dan Fletcher | 1 Recipe Script | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher Recipe Script allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4670 | 1 Ed Putal | 1 Clickbank Portal | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol Clickbank Portal allows remote attackers to inject arbitrary web script or HTML via the search box. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4671 | 1 Wordpress | 1 Wordpress Mu | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters. | |||||
| CVE-2008-4672 | 1 Goodlyrics | 1 Lyrics Script | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_results.php in buymyscripts Lyrics Script allows remote attackers to inject arbitrary web script or HTML via the k parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4676 | 1 Citrix | 3 Access Essentials, Presentation Server, Xenapp | 2017-08-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain. | |||||
| CVE-2008-4677 | 1 Vim | 2 Netrw, Vim | 2017-08-07 | 4.3 MEDIUM | N/A |
| autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately." | |||||
| CVE-2008-4678 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 7.8 HIGH | N/A |
| The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure." | |||||
| CVE-2008-4679 | 1 Ibm | 1 Websphere Application Server | 2017-08-07 | 6.8 MEDIUM | N/A |
| The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. | |||||
| CVE-2008-4689 | 1 Mantis | 1 Mantis | 2017-08-07 | 7.5 HIGH | N/A |
| Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions. | |||||
| CVE-2008-4692 | 1 Ibm | 1 Db2 | 2017-08-07 | 10.0 HIGH | N/A |
| The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | |||||
| CVE-2008-4693 | 1 Ibm | 1 Db2 | 2017-08-07 | 5.0 MEDIUM | N/A |
| The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||