| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
| --- | --- | --- | --- |
| 360 Web Manager -- 360 Web Manager | SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. | 7.5 | CVE-2008-0430 MILW0RM BID FRSIRT XF |
| Agares Media -- phpAutoVideo | PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. | 7.5 | CVE-2008-0433 BUGTRAQ BID FRSIRT SECUNIA XF |
| AlilG -- aliTalk | inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. | 7.5 | CVE-2008-0391 MILW0RM BID |
| AlstraSoft -- Forum Pay Per Post Exchange | SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | 7.5 | CVE-2008-0429 MILW0RM BID FRSIRT SECUNIA |
| auraCMS -- Mod Block Statistik; auraCMS -- AuraCMS | stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php. | 7.5 | CVE-2008-0390 MILW0RM BID |
| BitDefender -- Update Server | Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. | 7.8 | CVE-2008-0396 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| Blog CMS -- Blog CMS | Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/. | 7.5 | CVE-2008-0450 BUGTRAQ |
| Bloo -- bloofoxCMS | Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 7.8 | CVE-2008-0427 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| BloofoxCMS -- BloofoxCMS | Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php. | 7.5 | CVE-2008-0428 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| BoastMachine -- BoastMachine | SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-0422 BID FRSIRT |
| businessobjects -- Crystal Reports; Microsoft -- ActiveX | Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. | 9.3 | CVE-2008-0379 MILW0RM BID SECTRACK XF |
| Cisco -- 5500 Series Adaptive Security Appliance; Cisco -- PIX 500 Series Security Appliance | Unspecified vulnerability in Cisco PIX 500 Series Security Appliance (PIX) and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. | 7.1 | CVE-2008-0028 CISCO BID |
| Cisco -- AVS | Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. | 10.0 | CVE-2008-0029 CISCO |
| Citadel -- Citadel_SMTP | Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. | 9.4 | CVE-2008-0394 MILW0RM OTHER-REF SECUNIA XF |
| Core Security Technologies -- CORE FORCE | Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module. | 7.2 | CVE-2008-0365 BUGTRAQ OTHER-REF BID |
| Core Security Technologies -- CORE FORCE | CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments. | 7.2 | CVE-2008-0366 BUGTRAQ OTHER-REF BID |
| CyberGL Dev Team -- phpSearch | PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter. | 7.5 | CVE-2008-0448 BUGTRAQ XF |
| Debian -- Debian Linux | Argument injection vulnerability in scponly 4.6 and earlier allows remote authenticated users to modify commands when scponly invokes (1) unison, (2) rsync, (3) svn, and (4) svnserve, which can be leveraged to execute arbitrary code, as demonstrated by the --diff3-cmd option to svn, a different vulnerability than CVE-2007-6350. | 8.5 | CVE-2007-6415 OTHER-REF SECUNIA |
| Digital Data Communications -- RtspVapgDecoder.dll | Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. | 10.0 | CVE-2008-0380 MILW0RM BID FRSIRT |
| Foojan -- PHP Weblog | SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. | 7.5 | CVE-2008-0447 MILW0RM |
| Gecad Technologies -- Axigen Mail Server | Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command. | 7.5 | CVE-2008-0434 BUGTRAQ FULLDISC MILW0RM BID SECUNIA XF |
| HP -- HP-UX | Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors. | 10.0 | CVE-2007-6425 HP |
| HP -- HP Virtual Rooms; Microsoft -- ActiveX | Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2008-0437 FULLDISC BID FRSIRT SECUNIA |
| IBM -- AIX | Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option. | 7.2 | CVE-2007-5764 IDEFENSE OTHER-REF AIXAPAR AIXAPAR AIXAPAR AIXAPAR |
| IBM -- Informix Dynamic Server | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the onedcu program. | 10.0 | CVE-2008-0368 OTHER-REF AIXAPAR BID FRSIRT SECUNIA SECTRACK XF |
| IBM -- Informix Dynamic Server | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows attackers to create files via unspecified vectors involving the SQLIDEBUG environment variable. | 10.0 | CVE-2008-0369 OTHER-REF AIXAPAR BID FRSIRT SECUNIA SECTRACK XF |
| IBM -- WebSphere Application Server | Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 has unknown impact and attack vectors. | 10.0 | CVE-2008-0389 OTHER-REF BID FRSIRT SECUNIA |
| IBM -- Tivoli Provisioning Manager OS Deployment | Unspecified vulnerability in the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment before 5.1.0.3 Interim Fix 3 allows attackers to cause a denial of service via unknown vectors. | 10.0 | CVE-2008-0401 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Invision Power Services -- Invision Gallery | SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. | 7.5 | CVE-2008-0421 |
| Julian Pawlowski -- LulieBlog | SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2008-0446 MILW0RM |
| Lycos -- FileUploader.dll | Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2008-0443 MILW0RM BID FRSIRT SECUNIA |
| Microsoft -- Visual Basic Enterprise Edition | Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. | 9.3 | CVE-2008-0392 MILW0RM BID XF |
| Microsoft -- ie; Skype Technologies -- Skype | Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." | 9.3 | CVE-2008-0454 BUGTRAQ FULLDISC FULLDISC OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF CERT-VN FRSIRT |
| Mooseguy Blog System -- MGBS | SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. | 7.5 | CVE-2008-0424 MILW0RM BID FRSIRT |
| MyBB -- MyBB | Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. | 7.5 | CVE-2008-0383 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF XF |
| MyBulletinBoard -- MyBulletinBoard | Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. | 7.5 | CVE-2008-0382 BUGTRAQ MILW0RM MILW0RM BID SECUNIA |
| News -- MicroNews | MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. | 10.0 | CVE-2008-0377 BUGTRAQ XF |
| OKI Printing Solutions -- C5510 MFP Printer | OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. | 10.0 | CVE-2008-0374 BUGTRAQ OTHER-REF BID SECUNIA |
| OKI Printing Solutions -- C5510 MFP Printer | Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. | 10.0 | CVE-2008-0375 BUGTRAQ OTHER-REF BID SECUNIA |
| PacerCMS -- PacerCMS | Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/. | 7.5 | CVE-2008-0451 BUGTRAQ OTHER-REF BID XF |
| PHP -- F1 Maxs File Uploader | Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. | 7.5 | CVE-2008-0373 BUGTRAQ BID XF |
| Rocksalt International -- VP_ASP | SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2008-0449 BID XF |
| Small Axe Solutions -- Weblog | PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2008-0442 BID SECUNIA |
| Winamp -- Nullsoft Winamp | Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. | 10.0 | CVE-2008-0065 OTHER-REF OTHER-REF FRSIRT SECUNIA |