Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3949 | 1 Suse | 1 Suse Linux | 2017-08-08 | 7.2 HIGH | N/A |
| emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file. | |||||
| CVE-2008-3919 | 1 Justsystems | 1 Ichitaro | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008. | |||||
| CVE-2008-3737 | 2 Spacetag, System Consultants | 2 Lacoodast, La Cooda Wiz | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact. | |||||
| CVE-2008-3707 | 1 Hotscripts | 1 Cyboards Php Lite | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to execute arbitrary PHP code via a URL in the script_path parameter to (1) flat_read.php, (2) post.php, (3) process_post.php, (4) process_search.php, (5) forum.php, (6) process_subscribe.php, (7) read.php, (8) search.php, (9) subscribe.php in path/; and (10) add_ban.php, (11) add_ban_form.php, (12) add_board.php, (13) add_vip.php, (14) add_vip_form.php, (15) copy_ban.php, (16) copy_vip.php, (17) delete_ban.php, (18) delete_board.php, (19) delete_messages.php, (20) delete_vip.php, (21) edit_ban.php, (22) edit_board.php, (23) edit_vip.php, (24) index.php, (25) lock_messages.php, (26) login.php, (27) modify_ban_list.php, (28) modify_vip_list.php, (29) move_messages.php, (30) process_add_board.php, (31) process_ban.php, (32) process_delete_ban.php, (33) process_delete_board.php, (34) process_delete_messages.php, (35) process_delete_vip.php, (36) process_edit_board.php, (37) process_lock_messages.php, (38) process_login.php, (39) process_move_messages.php, (40) process_sticky_messages.php, (41) process_vip.php, and (42) sticky_messages.php in path/adminopts. NOTE: the include/common.php vector is covered by CVE-2006-2871. NOTE: some of these vectors might not be vulnerabilities under proper installation. | |||||
| CVE-2008-3648 | 1 Microsoft | 1 Windows Xp | 2017-08-08 | 9.3 HIGH | N/A |
| nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | |||||
| CVE-2008-3638 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 9.3 HIGH | N/A |
| Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. | |||||
| CVE-2008-3354 | 1 Runcms | 2 Newbb Plus Module, Runcms | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3335 | 1 Punbb | 1 Punbb | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. | |||||
| CVE-2008-3313 | 1 Creacms | 1 Creacms | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3246 | 2 Blackberry, Rim | 7 Enterprise Server, Unite, Blackberry Enterprise Server and 4 more | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. | |||||
| CVE-2008-3198 | 1 Mozilla | 1 Firefox | 2017-08-08 | 7.5 HIGH | N/A |
| Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933. | |||||
| CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." | |||||
| CVE-2008-3001 | 1 Drupal | 1 Aggregation Module | 2017-08-08 | 9.3 HIGH | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | |||||
| CVE-2008-2772 | 1 Drupal | 1 Magic Tabs Module | 2017-08-08 | 7.5 HIGH | N/A |
| The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks." | |||||
| CVE-2008-2690 | 1 Browsercrm | 1 Browsercrm | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2497 | 1 Mambo-foundation | 1 Mambo | 2017-08-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-2345 | 1 Typo3 | 1 Air Filemanager | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." | |||||
| CVE-2008-2284 | 1 Fusebox | 1 Fusebox | 2017-08-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2275 | 1 Typo3 | 1 Sr Feuser Register Extension | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | |||||
| CVE-2008-2230 | 1 Reportbug-ng | 2 Reportbug, Reportbug-ng | 2017-08-08 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory. | |||||