Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3393 | 1 Infomining | 1 Bookmine | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter. | |||||
CVE-2008-3394 | 1 Infomining | 1 Bookmine | 2017-08-07 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters. | |||||
CVE-2008-3395 | 2 Calacode, Linux | 2 Atmail, Linux Kernel | 2017-08-07 | 5.0 MEDIUM | N/A |
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3421 | 1 Blackboard | 1 Blackboard Academic Suite | 2017-08-07 | 4.3 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp. | |||||
CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2017-08-07 | 7.5 HIGH | N/A |
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
CVE-2008-3424 | 1 Condor Project | 1 Condor | 2017-08-07 | 7.5 HIGH | N/A |
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2008-3425 | 1 Sun | 2 Java System Web Server Plugin, N1 Service Provisioning System | 2017-08-07 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System (SPS) 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors. | |||||
CVE-2008-3428 | 1 Phpfreechat | 1 Phpfreechat | 2017-08-07 | 6.5 MEDIUM | N/A |
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter. | |||||
CVE-2008-3429 | 1 Httrack | 2 Httrack, Winhttrack | 2017-08-07 | 6.8 MEDIUM | N/A |
Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL. | |||||
CVE-2008-3430 | 1 Eyeball Networks | 1 Eyeball Messenger Sdk | 2017-08-07 | 9.3 HIGH | N/A |
Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer. | |||||
CVE-2008-3444 | 1 Mozilla | 1 Firefox | 2017-08-07 | 4.3 MEDIUM | N/A |
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." | |||||
CVE-2008-3449 | 1 Mailenable | 1 Mailenable | 2017-08-07 | 5.0 MEDIUM | N/A |
MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote attackers to cause a denial of service (crash) via multiple IMAP connection requests to the same folder. | |||||
CVE-2008-3451 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-08-07 | 4.0 MEDIUM | N/A |
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | |||||
CVE-2008-3453 | 1 Impresscms | 1 Impresscms | 2017-08-07 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files." | |||||
CVE-2008-3456 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-07 | 6.4 MEDIUM | N/A |
phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack. | |||||
CVE-2008-3457 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-08-07 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php. | |||||
CVE-2008-3459 | 1 Openvpn | 1 Openvpn | 2017-08-07 | 7.6 HIGH | N/A |
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters. | |||||
CVE-2008-3482 | 1 Panasonic | 8 Bb Hcm511, Bb Hcm515, Bb Hcm527 and 5 more | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-3483 | 1 Screwturn | 1 Screwturn Wiki | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and 2.0.30 allows remote attackers to inject arbitrary web script or HTML via error messages in the "/admin.aspx - System Log" page. | |||||
CVE-2008-3495 | 1 Aspindir | 1 Pcshey Portal | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter. | |||||