Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2008-3252

больше 17 лет назад

Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2008-3251

больше 17 лет назад

Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3250

больше 17 лет назад

SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3249

больше 17 лет назад

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.

CVSS2: 5.1
EPSS: Низкий
nvd логотип

CVE-2008-3248

больше 17 лет назад

qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.

CVSS2: 4.6
EPSS: Низкий
nvd логотип

CVE-2008-3247

больше 17 лет назад

The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2008-3246

больше 17 лет назад

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.

CVSS2: 9.3
EPSS: Средний
nvd логотип

CVE-2008-3245

больше 17 лет назад

SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3244

больше 17 лет назад

The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-3243

больше 17 лет назад

Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-3242

больше 17 лет назад

Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.

CVSS2: 10
EPSS: Средний
nvd логотип

CVE-2008-3241

больше 17 лет назад

SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3240

больше 17 лет назад

SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3239

больше 17 лет назад

Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2008-3238

больше 17 лет назад

Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2008-3237

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2008-3236

больше 17 лет назад

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2008-3235

больше 17 лет назад

Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2008-3234

больше 17 лет назад

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2008-3233

больше 17 лет назад

Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2008-3252

Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

CVSS2: 10
26%
Средний
больше 17 лет назад
nvd логотип
CVE-2008-3251

Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.

CVSS2: 7.5
2%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3250

SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

CVSS2: 7.5
2%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3249

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.

CVSS2: 5.1
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3248

qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.

CVSS2: 4.6
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3247

The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.

CVSS2: 7.2
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3246

Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.

CVSS2: 9.3
34%
Средний
больше 17 лет назад
nvd логотип
CVE-2008-3245

SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.

CVSS2: 7.5
0%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3244

The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allows remote attackers to cause a denial of service (engine crash) via a CHM file with a large nb_dir value that triggers an out-of-bounds read.

CVSS2: 4.3
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3243

Multiple unspecified vulnerabilities in the scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 allow remote attackers to cause a denial of service via (1) a crafted UPX-compressed file, which triggers an engine crash; (2) a crafted Microsoft Office file, which triggers an infinite loop; or (3) an ASPack-compressed file, which triggers an engine crash.

CVSS2: 4.3
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3242

Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.

CVSS2: 10
32%
Средний
больше 17 лет назад
nvd логотип
CVE-2008-3241

SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3240

SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3239

Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.

CVSS2: 9.3
5%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3238

Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.

CVSS2: 7.5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3237

Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ITechBids 7.0 Gold allows remote attackers to inject arbitrary web script or HTML via the productid parameter.

CVSS2: 4.3
7%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3236

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted.

CVSS2: 5
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3235

Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.

CVSS2: 10
1%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3234

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

CVSS2: 6.5
3%
Низкий
больше 17 лет назад
nvd логотип
CVE-2008-3233

Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
0%
Низкий
больше 17 лет назад

Уязвимостей на страницу