Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0261 | 1 Mambo | 1 Mambo Open Source | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. | |||||
| CVE-2008-0264 | 1 Drupal | 1 Meta Tags Module | 2017-08-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. | |||||
| CVE-2008-0271 | 1 Drupal | 1 Bueditor | 2017-08-07 | 4.3 MEDIUM | N/A |
| The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. | |||||
| CVE-2008-0272 | 1 Drupal | 1 Drupal | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. | |||||
| CVE-2008-0273 | 1 Drupal | 1 Drupal | 2017-08-07 | 4.3 MEDIUM | N/A |
| Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. | |||||
| CVE-2008-0274 | 1 Drupal | 1 Drupal | 2017-08-07 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. | |||||
| CVE-2008-0275 | 1 Drupal | 1 Atom Module | 2017-08-07 | 5.0 MEDIUM | N/A |
| The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content. | |||||
| CVE-2008-0276 | 1 Drupal | 1 Drupal | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table. | |||||
| CVE-2008-0277 | 1 Drupal | 1 Fileshare Module | 2017-08-07 | 8.5 HIGH | N/A |
| Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. | |||||
| CVE-2008-0281 | 1 Id-commerce | 1 Id-commerce | 2017-08-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. | |||||
| CVE-2008-0292 | 1 Dansie | 1 Photo Album | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0293 | 1 Freeseat | 1 Freeseat | 2017-08-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. | |||||
| CVE-2008-0294 | 1 Freeseat | 1 Freeseat | 2017-08-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. | |||||
| CVE-2008-0299 | 1 Python Software Foundation | 1 Paramiko | 2017-08-07 | 4.3 MEDIUM | N/A |
| common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. | |||||
| CVE-2008-0306 | 1 Sap | 1 Maxdb | 2017-08-07 | 6.9 MEDIUM | N/A |
| sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. | |||||
| CVE-2008-0307 | 1 Sap | 1 Maxdb | 2017-08-07 | 9.3 HIGH | N/A |
| Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. | |||||
| CVE-2008-0311 | 1 Borland | 1 Caliberrm | 2017-08-07 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request. | |||||
| CVE-2008-0312 | 2 Microsoft, Symantec | 5 Windows, Norton 360, Norton Antivirus and 2 more | 2017-08-07 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0313 | 1 Symantec | 4 Norton 360, Norton Antivirus, Norton Internet Security and 1 more | 2017-08-07 | 6.8 MEDIUM | N/A |
| The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. | |||||
| CVE-2008-0314 | 1 Clam Anti-virus | 1 Clamav | 2017-08-07 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value. | |||||